Do I have to be PCI compliant to use server to server integration?

In all cases, PCI certification is the merchant's responsibility if they wish to get certified. PCI compliance ensures that customers' sensitive cardholder data is handled securely and safely when entered on a merchant's website, app or platform.

If you need to get PCI certified, the complexity of the certification depends on your integration approach:

Using our Plugins - This simplifies the process for you to a large extent and helps you qualify for SAQ-A, which is a self-assessment-questionnaire-based approach to certification with a quarterly vulnerability scan. In this approach you state that you have "outsourced" all sensitive data handling functions to a certified third party.

Using the Server to Server API - This will require you to comply with more elements of the PCI guidelines if you wish to be certified. This can be more complicated in terms of securing your servers and potentially establishing specific data handling policies on your end, even though you do not store card data. However, a large number of merchants in SA use this approach, since most other PSPs don't really offer a JS widget based option as above (the alternative is to use a hosted payment page).

So overall we do recommend using the Plugin approach if it is possible, but it has its limitations in terms of UI and UX options, since there are strict policies and services in place to comply with the SAQ-A process.

For Native apps - we also offer native SDKs for iOS and Android, which make the integration easier and also prevent card data from touching your server.