PCI DSS compliance
The Payment Card Industry Data Security Standard (PCI DSS) helps you protect cardholder details, reduce fraud, and minimize the chances of a data breach resulting from malicious attacks. Complying with the requirements helps you maintain your customers’ trust.
Every year, every business must make sure it complies with PCI DSS by completing one of the official PCI DSS validation documents. There are significant penalties and costs for businesses that don’t comply with the requirements.
Obtain card information
You might have to collect card information (card number, expiry date, or security code) to complete online or in-person purchases.
Adyen doesn’t share card information of your cardholders because of the strict compliance rules on how to process and store card data. If you need to access card information, Adyen offers the Reveal API. This is an API integration and component on your website or application (the “client side”) that lets you communicate sensitive card data to your cardholders in encrypted form. Your internal systems won’t be able to read the card information; it can only be decrypted on the client side. Hence, you reduce the risk of inadvertently storing or processing card information against the compliance rules.
If you use a one-time-use virtual card model, the rules are less restrictive, and depending on your use case we might be able to communicate card information to you directly during card issuing. This can be discussed with your Adyen contact.
Note: This document should only be used for guidance purposes, and should not be taken as definitive advice. You should always consult your acquirer or a PCI DSS Qualified Security Assessor (QSA) for clarification.