Anyone involved with the processing, transmission, or storage of credit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Juspay makes this easy for you to do, and you can set up a fully PCI-compliant integration by taking the following steps:
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as "SSL", are cryptographic protocols that provide communications security over a network. When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., wikipedia.org) have one or more of the following properties:
TLS is designed to prevent eavesdropping and tampering. The TLS protocol versions supported as per the latest standards are TLS 1.0 (deprecated), TLS 1.1 and TLS 1.2.
TLS 1.2 is recommended for maximum security.
A digital certificate - a file issued by a certification authority (CA) - is needed in order to use TLS. When installed, this certificate assures the client that it's really communicating with the server it expects to be talking to, not an impostor. Additionally, your customers are more comfortable sharing sensitive information on pages visibly served over HTTPS, which can help increase your customer conversion rate.
So long as you ensure that the cardholder data doesn't come in direct contact with your website or servers, your compliance level can remain the easiest - SAQ A. Any deviation can significantly increase the compliance requirements. We have summarized below various scenarios for your quick reference:
| Mechanism | Card entry environment | Compliance Requirement |
|---|---|---|
| Redirection to hosted page | User is redirected from your website. User enters complete card data in the payment page rendered from Juspay's domain | SAQ - A |
| Embedded iFrame | You embed Juspay's iFrame in your checkout page. User enters complete card data in iFrame served from Juspay's domain | SAQ - A |
| Pay-v2.js | Cardholder data is captured on your website but transmitted using Juspay's iFrame | SAQ - A EP |
| Pay-v3.js | Juspay renders card input elements as iFrame from Juspay's domain. User data is captured directly in Juspay's iFrame and transmitted using Juspay's iFrame. | SAQ - A |
| Direct Card API | You use Juspay's API to send cardholder data | SAQ - D |
For any queries relating to security, you may write to firstname.lastname@example.org.