PCID-10

What payment processors/gateways does the system support?

Explanation

This question is asking you to identify all payment processors or payment gateways that your system integrates with to handle payment card transactions. Payment processors are companies that handle credit card transaction processing between merchants, banks, and customers (like Stripe, PayPal, Square). Payment gateways are the technology that captures and transfers payment data from the customer to the acquirer (like Authorize.net, Braintree).

This question is being asked as part of PCI DSS (Payment Card Industry Data Security Standard) compliance assessment. PCI DSS is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

By understanding which payment processors your system uses, the assessor can:

1. Verify that you're using approved and compliant payment processors
2. Understand your payment data flow and potential security risks
3. Determine the scope of PCI compliance requirements for your system
4. Assess whether you're properly integrating with these processors in a secure manner

To best answer this question:

- List all payment processors/gateways your system integrates with
- Specify how you integrate with them (API, redirect, iframe, etc.)
- Mention if you use any specific SDKs or libraries for these integrations
- Clarify whether your system stores any payment card data or if it's all handled by the processors
- If applicable, note which processors are your primary vs. backup options

Guidance

Refer to PCI DSS Security Standards for supplemental guidance in this section.

Example Responses

Example Response 1

Our system supports the following payment processors/gateways:

1) Stripe - We use their Payment Intents API for direct credit card processing and their Connect platform for marketplace payments. Integration is via their official Node.js SDK.
2) PayPal - We offer PayPal as an alternative payment method using their Express Checkout flow, which redirects users to PayPal to complete payment.
3) Braintree - Used as a backup processor for credit card transactions when Stripe is unavailable, integrated via their JavaScript SDK with a hosted fields implementation.

Our system does not store any credit card data; all payment information is tokenized and processed directly by these PCI-compliant processors.

Example Response 2

Our application integrates with Authorize.net as our primary payment gateway using their Accept.js library, which ensures credit card data never touches our servers. We also support Square for in-person payments through their Point of Sale API and SDK. For cryptocurrency payments, we integrate with Coinbase Commerce. All integrations follow the respective processor's security best practices, and our system is designed to be a PCI SAQ-A compliant implementation where we never store, process, or transmit cardholder data directly.

Example Response 3

Currently, our system does not integrate with any formal payment processors or gateways. Instead, we collect credit card information directly through our web forms and manually process these transactions through a virtual terminal provided by our bank. We store the credit card numbers in our encrypted database for recurring billing purposes. We recognize this approach doesn't align with PCI DSS best practices, and we're actively working to migrate to a PCI-compliant payment processor (evaluating Stripe and Braintree) within the next quarter to eliminate our need to handle card data directly.

Context

Tab: Case-Specific
Category: Payment Card Industry Data Security Standard (PCI DSS)
