PCI Compliance

PCI Compliance doesn't get much easier than this. No matter what payment gateway you use, all businesses running on Kiva Logic only need to fill out an SAQ A form.

If your bank requires your business to show PCI compliance for your website, with Kiva Logic all you have to do is fill out an SAQ A form. That's it! All of our payment gateway integrations are hosted forms or redirects, meaning no credit card information is ever entered into your website or the database.

The only data that we store is a token provided by the payment gateway. No credit cards, expiration dates, or security codes ever touch the Kiva Logic servers, so it is impossible for us to store them. This keeps you safe, your customers safe, and makes PCI compliance a breeze.

SAQ A Answers

If you use Stripe.com, you can download a pre-filled SAQ A form. If you have to fill out the form yourself, here are some questions and answers to help you fill out your SAQ A form:

How do you accept payment cards? e-commerce store

Do you use a third party hosting company to host your website? YES

Your website hosting company: Other (please specify): Kiva Logic

Are your online customers redirected from your company's website to a payment gateway/processor hosted payment webpage/ iFrame to process card payments? YES

Do you provide your customers with the ability to enter payment card data directly into your website(s) for processing? NO

Who developed your e-Commerce store? Built by an external third party or agency

Web development company name: KIVA LOGIC LLC

Your payment service provider: (stripe.com, authorize.net, payfast, paypal, etc. goes here)

Is your Payment Service Provider PCI compliant? Can you verify or provide proof that your Payment Service Provider is PCI Compliant for the services they provide you? YES

Have you verified with your Payment Service Provider (PSP) that they do not pass card data back to your payment application or website? YES

Your website shopping cart: Other (please specify): Kiva Logic

Does anyone in your organization send or receive full card numbers via email or instant messaging? NO

Does your company otherwise store, transmit or receive cardholder data electronically in any other way and for any other purpose? This could be via CD-ROM, USB drive or an internet network. NO

Do you have an active merchant account with any other merchant services provider? NO

How and in what capacity does your business store, process and/or transmit cardholder data? USE ONE OF THE ANSWERS BELOW:

  • Authorize.net: Cardholder data is collected using Authorize.net AcceptUI.js form along with the Authorize.net Customer Information Manager (CIM) and no cardholder data is ever stored or processed by our business. Cardholder data is sent directly to Authorize.net via a hosted form, and Authorize.net provides a token to process payments for each customer and the token is the only data we have access to and store.

  • Stripe.com: Cardholder data is collected using a Stripe.com Checkout.js hosted form and no cardholder data is ever stored or processed by our business. Cardholder data is sent directly to Stripe.com via a hosted form, and Stripe.com provides a token to process payments for each customer and the token is the only data we have access to and store.

  • PayFast.co.za: Customers are redirected to a form hosted by PayFast.co.za when prompted for payment information, and no cardholder data is ever stored or processed by our business. Cardholder data is collected directly by Payfast, and Payfast provides a token to process payments for each customer and the token is the only data we have access to and store.

Stripe

PCI Compliance: PCI-DSS SAQ A

Kiva Logic Stripe Integration

When visitors are prompted to enter their payment information, the Stripe.com Checkout.js solution presents a form hosted by Stripe for customers to enter their payment details. This means that the credit card information goes directly to Stripe.com without ever touching the Kiva Logic servers. If accepted, Stripe.com will return a token that is used on the new customer account for future payments.

Stripe.com provides a pre-filled SAQ A form: all you have to do is log in to your Stripe account and download it. Literally the easiest PCI compliance ever!

Authorize.net

PCI Compliance: PCI-DSS SAQ A

Kiva Logic uses the Authorize.net Accept.js integration, so when customers need to enter their payment info, a hosted form provided by Authorize.net is used. The customer's payment information is then sent directly to Authorize.net without ever touching the Kiva Logic servers. If accepted, Authorize.net then returns a token that is used to process future payments for the customer. No credit card information touches the Kiva Logic servers at all.

To fulfil your PCI requirements for your ecommerce website, you will have to fill out an SAQ A form. Unfortunately, Authorize.net does not provide a pre-filled form at this time, so you have to fill it out yourself.

Payfast.co.za

PCI Compliance: PCI-DSS SAQ A

With the Kiva Logic Payfast gateway integration, customers are redirected, as the final step in the sign-up process, to a page hosted by PayFast to enter their payment details. This means no credit card data ever touches the Kiva Logic servers, and it means that you can be PCI compliant on your ecommerce website simply by filling out an SAQ A form.