Cardholder data

Handle sensitive cardholder data on your PCI DSS compliant server.

When you accept credit and debit card payments using a payment page or payment component, MultiSafepay handles the sensitive cardholder data, including:

  • Primary account number (PAN)
  • Cardholder name
  • Service code
  • Expiry date

We bear the risk and responsibility for PCI DSS compliance.

Alternatively, you can collect cardholder data through other means. Because you will then handle sensitive data on your own server before sending it to MultiSafepay, you must also have PCI DSS certification.

You are responsible for arranging certification, which is a complex, time-consuming, and expensive process. Consider carefully if this makes sense for your business model.

Activation

  1. To check your eligibility to use this feature, email [email protected]
    Specify in your request:
    • The payment methods you want to integrate
    • The sites under your account this applies to
    • The type of products you will sell
    • Your average order values and volumes, and any available processing statements.
  2. We check your account and company performance.
  3. Email proof of your PCI DSS certification and an activation request to [email protected]
  4. If approved, we complete activation.

Integration

See API reference – Create order > Card order.
Set type to direct.

3DS2

When you collect cardholder data, you must also collect the contextual information about the customer's device (fingerprint) required for 3DS2 authentication. The fingerprint can be created through JavaScript interfaces and methods in the customer's browser.
⚠️ Note: Some details are required to comply with scheme regulations. For exmaple, transactions created with payment method VISA must include correct information in the email or phone parameter.

To learn how to create a fingerprint, see Recipe – Create a customer.browser object .


User guide

Maintenance

You must provide us with your:

  • Attestation of Compliance each year
  • Approved Scanning Vendor reports every 3 months

Payment methods

The table below sets out supported payment methods and their respective 3D Secure authentication requirements:

CardAuthentication protocol
American ExpressAmerican Express Safekey – mandatory for transactions above 30 EUR
Bancontact3D Secure only
Maestro3D Secure only
MastercardMastercard SecureCode and non-3D Secure payments
VisaVerified by Visa and non-3D Secure payments


💬

Support

Email [email protected]

Top of page