Jotform is proud to announce we’re Payment Card Industry Data Security Standard (PCI DSS) Service Provider Level I certified – the highest level of security possible for a business that collects payments from, and integrates with, credit cards. In fact, Jotform has been PCI DSS compliant at the highest level dating back to 2018, and continuing to pass this standard with no exceptions is something we take pride in.
We’re proud to be the first, and the only online form building platform to provide the highest level of data security possible to our users. Here’s a short summary of what that means.
What is PCI compliance?
In a nutshell, PCI compliance is the security standard set by the major global credit card companies, including American Express, Discover, JCB, MasterCard, and Visa.
Why is Jotform PCI compliant?
Jotform had previously been certified as PCI DSS Service Provider Level 2, but as the volume of integrated payments increased, it became a necessary step to upgrade to the highest level of security. Companies that hit a transaction threshold are ultimately held to higher security standards, and rightly so.
Does Jotform process credit card information?
We don’t. Instead, we trust our terrific payment integration partners to do the processing for us. However, we still wanted to provide additional reassurance that we’re doing the most we possibly can to ensure safe, secure payments. And because so many users take advantage of our payment integrations (more than 20 now!), it was a necessary step to achieve the next level of security certification.
Why is Level One significant?
Jotform has been Level II certified for a while now, but the new designation means that we’ve passed several tests required for certification. This includes a penetration test, internal scan, and an annual report on compliance by a third party security assessor, among other requirements.
Our PCI Certificate of Compliance validity start date is Sep. 15, 2018.

UPDATE: Our PCI Certification of Compliance has been renewed. New certification is valid until Sep. 12, 2024.

Your security will always be a top concern of ours at Jotform. Feel free to ask any questions that you may have!
Send Comment:
27 Comments:
I'm glad to be a part of the platform as well I'm so excited
Glad to be a part of Jotform.
Is this included in all subscriptions?
To yous'suited services topics others GDRP purposesame goldgateither respectifs personal data controls transfers to and third parties websites this see termed and conditions of time to time perfectshe at privacy policies.
Thanks to times.
Hi. Is there a possibility to get the actual document of this certification? Here in the EU, all certifications should be accessible for customers to see. For example, in our business platform you can find the ISO/IEC 27001/2014 certification just by clicking on the logo shown in our website ().
Where can I find a copy of your AOC?
Dear Sir,
I am Gurpreet Singh Duggal Director of Discover Leisure Tours & Travels Pvt Ltd we are into travel agency business from past 30 years i have applied IATA Accreditation for our our Organization to get approval to issue ticket for our customers as per the Guidelines of IATA they require PCI DSS certification enable to get approval from them request plz tell your team to send your requirement on my E-Mail id info@dlttpl.com with concern person contact details to proceed further
Does this apply to ALL of the PayPal options. For example, if I choose an option that collects credit card data on the form, and then embed that form on MY website, do i need to be separately PCI compliant, or does your compliance suffice?
Thanks
Please call me ty 7274342264
Good to watch
I need a PCI DSS compliance attestation or certificate in our name for using jotform Authorize.Net as our checkout provider that I can send to the bank for my Merchant Account.
Can you please provide that to me. Thanks in advance...
i am currently involved in a project/program for state government that is trying to prove to the IRS and State Legislators that our state systems are PCI compliant. with the thousands of hours annually needed to provide this, i want to understand how your company can save state government time and money, and keep that time and money towards more meaningful state government work.
<p></p>
<p></p>I also read a little about Aytekin Tank's life/leadership style and i like it. That's why i'm am contacting you.
<p></p>Thank you,
<p></p>Erwin de Leon
<p></p>517 285 1989
I am trying to contact you to change Our credit card number for autopsy. How do I get this done?
necesito mas información gracias
Dear Sir, I was surprised to be advised that I was a spammer, and my query was blocked. I had lodged several queries about the difficulty in finding ways to do certain functions, for instance, how do I get to transfer people who have registered on Jotform, to my own business program. I have been unable to find any instruction to this effect. as a result, to transfer names and details, I must write it out and then type it into my own program listings. I wanted to get an instruction to this effect, only to be advised that your people believed it spam and so blocked. Is this how your company brag about no complaints?
<p></p>Regards
<p></p>Boyd Ackland ( customer over several years.)
Congratulations!
need a generic minister ordination certifiate
Does your level 1 compliance now allow me to collect debit and credit card info and checking account numbers and routing numbers in the forms without having to immediately process a payment via one of your approved payment integration partners? (I ask because we prefer to manually enter our clients card information in the merchant account system ourselves.)
thank you , Congratulations
Congrats
Congrats!!!!!
<p></p>
<p></p>
<p></p>
Congrats
<p></p>
congrats
great..congratulations
congratulations
Congratulations!
Does this new level of achievement change the scenario for companies that accept credit card authorization forms from clients, and then manually processes payments via a third-party's payment system? In other words, would my company be able to collect credit card info from our clients, without using one of your payment integration partners?
<p></p>