Compliance with PCI DSS standards
wallee.com is audited annually by a PCI auditor. The result of this audit is our PCI DSS Level 1 certification. This is the highest level of certification in the online payment industry. To achieve this level of certification, we must use best-in-class security tools and practices to provide you with a high level of security.
Learn how wallee.com can significantly reduce PCI DSS scope and still achieve fully integrated credit card acceptance without redirection to a payment page. wallee.com is a PCI DSS Level 1 compliant payment service provider. Our service ensures that sensitive card data never touches your servers. The certification means that we are contractually obliged to work only with PCI Level 1 compliant providers and you can rely on our certification. For you, this means completing an annual self-assessment questionnaire consisting of 12 questions. That's all.
We are PCI Level 1 Compliant
wallee.com is a Level 1 Service Provider, which is the highest level of data security in the credit card industry. You can access our current compliance documents here: PCI DSS Validation Certificate
If you are asked by your acquiring bank for proof of certification, please feel free to pass on the above documents. If you have any further questions about PCI compatibility, please contact our support.
Who needs to be PCI compliant?
If you are a merchant that accepts credit card payments online, your acquirer contractually requires PCI DSS compliance. Depending on how payment data collection is handled in your online shop, this can lead to costly and time-consuming audits that require massive investments in your security infrastructure. If you do not do this properly and credit card data is stolen, this can lead to heavy fines. When you use our service, we ensure that sensitive card data never touches your servers. This means that we are contractually obliged to work only with PCI Level 1 compliant providers and you can rely on our certification.
What type of assessment is required?
All wallee.com users processing credit card payments must be compliant with the PCI Data Security Standards (PCI DSS). The payment page and iframe integrations comply with all Self-Assessment Questionnaire (SAQ - A) requirements and security requirements by performing all sensitive card data transfers within the payment page or iframe hosted by Wallee.
It is ultimately up to your merchant / acquiring bank to define what is required to prove your PCI compliance. When working with wallee.com, you will be able to rely on our PCI certification and only need to complete the Self-Assessment Questionnaire (SAQ - A).
If you have further questions about PCI compatibility, please contact our support.
We take safety seriously.
Your data is encrypted on storage media using the latest technology. The decryption keys are stored on separate machines. None of our internal servers are able to view plain text card numbers, customer data or your configuration data.
Despite the care we put into the development of our product, there is still a chance that we have not taken something into account and a bug exists. For this reason, we ask you to let us know as soon as possible if you come across a security-relevant error or bug.
Our security team quickly investigates any reported security issues. If you believe you have discovered a flaw in our security, please contact our support team (optionally you can use our general PGP key, see below). We will respond to your request as soon as possible.
We ask that you do not disclose the problem publicly until we have had a chance to resolve it. This will increase your safety.