Handle sensitive cardholder data on your PCI DSS compliant server.
When you accept credit and debit card payments using a payment page or payment component, MultiSafepay handles the sensitive cardholder data, including:
- Primary account number (PAN)
- Cardholder name
- Service code
- Expiry date
We bear the risk and responsibility for PCI DSS compliance.
Alternatively, you can collect cardholder data through other means. Because you will then handle sensitive data on your own server before sending it to MultiSafepay, you must also have PCI DSS certification.
You are responsible for arranging certification, which is a complex, time-consuming, and expensive process. Consider carefully whether this makes sense for your business model.
- To check your eligibility to use this feature, email [email protected]
  Specify in your request:
  - The payment methods you want to integrate
  - The sites under your account this applies to
  - The type of products you will sell
  - Your average order values and volumes, and any available processing statements
- We check your account and company performance.
- Email proof of your PCI DSS certification and an activation request to [email protected]
- If approved, we complete activation.
See API reference – Create order > Card order.
To learn how to create a fingerprint, see Recipe – Create a customer.browser object.
You must provide us with your:
- Attestation of Compliance each year
- Approved Scanning Vendor reports every 3 months
The table below sets out supported payment methods and their respective 3D Secure authentication requirements:
| Payment method | 3D Secure authentication requirements |
|---|---|
| American Express | American Express Safekey – mandatory for transactions above 30 EUR |
| Bancontact | 3D Secure only |
| Maestro | 3D Secure only |
| Mastercard | Mastercard SecureCode and non-3D Secure payments |
| Visa | Verified by Visa and non-3D Secure payments |
Email [email protected]