PCI DSS Guidance
Any merchant accepting payments must comply with the PCI Data Security Standards (PCI DSS). Flex Microform’s approach facilitates PCI DSS compliance through self-assessment and the storage of sensitive PCI information.
Self Assessment Questionnaire
Flex Microform handles the card number input and transmission from within iframe elements served from Cybersource controlled domains. This approach can qualify merchants for SAQ A -based assessments. Related fields, such as card holder name or expiration date, are not considered sensitive when not accompanied by the PAN.
Storing Returned Data
Responses from Flex Microform are stripped of sensitive PCI information such as card number. Fields included in the response, such as card type and masked card number, are not subject to PCI compliance and can be safely stored within your systems. If you collect the CVN, note that it can be used for the initial authorization but not stored for subsequent authorizations.