Custom Gateway are PCI DSS Level 4 compliant
Detailed below is our Self Assessment Questionnaire A (SAQ) for companies where all payment processing functions is fully outsourced and no electronic cardholder data storage.
We confirm we meet the following eligibility criteria.
Your company accepts only card-not-present (e-commerce or mail/telephone-order) transactions;
That is correct we only use hosted payment Gateway via Gateway OMS or Smartlinks
All processing of cardholder data is entirely outsourced to PCI DSS validated third-party service providers;
That is correct we only use hosted platforms provided by Secure trading, Paypal, Authorise.net & Stripe
Your company does not electronically store, process, or transmit any cardholder data on your systems or premises, but relies entirely on a third party(s) to handle all these functions;
That is correct where a repeat payment is required we only store a token provided by the PCI DSS compliant provider
Your company has confirmed that all third party(s) handling storage, processing, and/ortransmission of cardholder data are PCI DSS compliant;
We have checked the certification from the payment providers we use
Any cardholder data your company retains is on paper (for example, printed reports or receipts),and these documents are not received electronically.
We do not retain any data on paper as do not take credit card details ourselves
Additionally, for e-commerce channels:
All elements of all payment pages delivered to the consumer’s browser originate only and directly from a PCI DSS validated third-party service provider(s).
That is correct we only use hosted payment gateways