On This Page
PCI DSS Guidance
Any merchant accepting payments must comply with the PCI Data Security Standards (PCI
DSS).
Microform Integration
’s approach facilitates PCI DSS compliance through
self-assessment and the storage of sensitive PCI information.Self Assessment Questionnaire
Microform Integration
handles the card number input and transmission from within iframe elements
served from Cybersource
controlled domains. This approach can
qualify merchants for SAQ A-based assessments. Related fields,
such as card holder name or expiration date, are not considered sensitive when not
accompanied by the PAN.Storing Returned Data
Responses from
Microform Integration
are stripped of sensitive PCI information such as card
number. Fields included in the response, such as card type and masked card number,
are not subject to PCI compliance and can be safely stored within your systems. If
you collect the CVN, note that it can be used for the initial authorization but not
stored for subsequent authorizations.