PCI DSS Guidance
Any merchant accepting payments must comply with the PCI Data Security Standards (PCI DSS). Flex Microform’s approach facilitates PCI DSS compliance through self-assessment and the storage of sensitive PCI information.
Self Assessment Questionnaire
Flex Microform handles the card number input and transmission from within iframe elements served from CyberSource controlled domains. This approach can qualify merchants for SAQ A-based assessments. Other fields, such as CVV and expiry data, are not considered sensitive data when not accompanied by the PAN.
Storing Returned Data
Responses from Flex Microform are stripped of sensitive PCI information such as card number. Fields included in the response, such as card type and masked card number, are not subject to PCI compliance and can be safely stored within your systems. If you collect the CVV, note that it can be used for the initial authorization but not stored for subsequent authorizations.