Cardholder data
Handle sensitive cardholder data on your PCI DSS compliant server.
When you accept credit and debit card payments using a payment page or payment component, MultiSafepay handles the sensitive cardholder data, including:
- Primary account number (PAN)
- Cardholder name
- Service code
- Expiry date
We bear the risk and responsibility for PCI DSS compliance.
Alternatively, you can collect cardholder data through other means. Because you will then handle sensitive data on your own server before sending it to MultiSafepay, you must also have PCI DSS certification.
You are responsible for arranging certification, which is a complex, time-consuming, and expensive process. Consider carefully if this makes sense for your business model.
Activation
- To check your eligibility to use this feature, email [email protected]
Specify in your request:- The payment methods you want to integrate
- The sites under your account this applies to
- The type of products you will sell
- Your average order values and volumes, and any available processing statements.
- We check your account and company performance.
- Email proof of your PCI DSS certification and an activation request to [email protected]
- If approved, we complete activation.
Integration
See API reference – Create order > Card order.
Set type
to direct
.
3DS2
When you collect cardholder data, you must also collect the contextual information about the customer's device (fingerprint) required for 3DS2 authentication. The fingerprint can be created through JavaScript interfaces and methods in the customer's browser.
⚠️ Note: Some details are required to comply with scheme regulations. For exmaple, transactions created with payment method VISA must include correct information in the email
or phone
parameter.
To learn how to create a fingerprint, see Recipe – Create a customer.browser object .
User guide
Maintenance
You must provide us with your:
- Attestation of Compliance each year
- Approved Scanning Vendor reports every 3 months
Payment methods
The table below sets out supported payment methods and their respective 3D Secure authentication requirements:
Card | Authentication protocol |
---|---|
American Express | American Express Safekey – mandatory for transactions above 30 EUR |
Bancontact | 3D Secure only |
Maestro | 3D Secure only |
Mastercard | Mastercard SecureCode and non-3D Secure payments |
Visa | Verified by Visa and non-3D Secure payments |
Support
Email [email protected]
Updated 3 months ago