What payment processors/gateways does the system support?
Explanation
List every payment processor or gateway your system integrates with to handle payment card transactions. Payment processors are companies that handle credit card transaction processing between merchants, banks, and customers (like Stripe, PayPal, Square). Payment gateways are the technology that captures and transfers payment data from the customer to the acquirer (like Authorize.net, Braintree).
This question is being asked as part of PCI DSS (Payment Card Industry Data Security Standard) compliance assessment. PCI DSS is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. By understanding which payment processors your system uses, the assessor can:
- Verify that you're using approved and compliant payment processors
- Understand your payment data flow and potential security risks
- Determine the scope of PCI compliance requirements for your system
- Assess whether you're properly integrating with these processors in a secure manner
To best answer this question:
- List all payment processors/gateways your system integrates with
- Specify how you integrate with them (API, redirect, iframe, etc.)
- Mention if you use any specific SDKs or libraries for these integrations
- Clarify whether your system stores any payment card data or if it's all handled by the processors
- If applicable, note which processors are your primary vs. backup options
Guidance
Refer to PCI DSS Security Standards for supplemental guidance in this section
Example Responses
Example Response 1
Our system supports the following payment processors/gateways: 1) Stripe - We use their Payment Intents API for direct credit card processing and their Connect platform for marketplace payments Integration is via their official Node.js SDK 2) PayPal - We offer PayPal as an alternative payment method using their Express Checkout flow, which redirects users to PayPal to complete payment 3) Braintree - Used as a backup processor for credit card transactions when Stripe is unavailable, integrated via their JavaScript SDK with a hosted fields implementation Our system does not store any credit card data; all payment information is tokenized and processed directly by these PCI-compliant processors.
Example Response 2
Our application integrates with Authorize.net as our primary payment gateway using their Accept.js library, which ensures credit card data never touches our servers We also support Square for in-person payments through their Point of Sale API and SDK For cryptocurrency payments, we integrate with Coinbase Commerce All integrations follow the respective processor's security best practices, and our system is designed to be a PCI SAQ-A compliant implementation where we never store, process, or transmit cardholder data directly.
Example Response 3
Currently, our system does not integrate with any formal payment processors or gateways Instead, we collect credit card information directly through our web forms and manually process these transactions through a virtual terminal provided by our bank We store the credit card numbers in our encrypted database for recurring billing purposes We recognize this approach doesn't align with PCI DSS best practices, and we're actively working to migrate to a PCI-compliant payment processor (evaluating Stripe and Braintree) within the next quarter to eliminate our need to handle card data directly.
Context
- Tab
- Case-Specific
- Category
- Payment Card Industry Data Security Standard (PCI DSS)
Related questions
- Do you have a current, executed within the past year, Attestation of Compliance (AoC) or Report on Compliance (RoC)?
- Is the application listed as an approved Payment Application Data Security Standard (PA-DSS) application?
- Does the system or solutions use a third party to collect, store, process, or transmit cardholder (payment/credit/debt card) data?
- Do your systems or solutions store, process, or transmit cardholder (payment/credit/debt card) data?
- Are you compliant with the Payment Card Industry Data Security Standard (PCI DSS)?
- Are you classified as a service provider?

