On This Page
PCI DSS Guidance
Any merchant accepting payments must comply with the
PCI Data Security Standards (PCI DSS). Flex Microform’s approach
facilitates PCI DSS compliance through self-assessment and the storage
of sensitive PCI information.
Self Assessment Questionnaire
Flex
Microform handles the card number input and transmission from within
iframe elements served from CyberSource controlled domains. This
approach can qualify merchants for SAQ A-based assessments. Other fields, such
as CVV and expiry data, are not considered sensitive data when not
accompanied by the PAN.
Storing Returned Data
Responses
from Flex Microform are stripped of sensitive PCI information such
as card number. Fields included in the response, such as card type
and masked card number, are not subject to PCI compliance and can
be safely stored within your systems. If you collect the CVV, note
that it can be used for the initial authorization but not stored
for subsequent authorizations.