The Payment Card Industry (PCI) Data Security Standards (DSS) regulate the storage and management of credit card details issued by the major card schemes.
Each PCI DSS level has its own set of requirements. Certification for most of these PCI levels involves submitting a self-assessment questionnaire (SAQ), to evaluate the company’s compliance to the various PCI DSS standards. Other factors taken into account include the company’s: card transaction volume, card acceptance channels used, security posture and practices, and business complexity, etc.
Each Nuvei Solution set (Nuvei Integration Type) defines the merchant’s involvement in the process of collecting customer credit card details, as well as the merchant’s PCI reporting responsibilities, as described below:
|Nuvei Integration Type||Who Collects Card Details||Merchant PCI Responsibilities|
|Pure API||The merchant - Collects from their checkout or payment page||
|Hosted Payment Page||Nuvei - Using Nuvei Checkout Page||
|Web SDK Fields||Nuvei - Collects directly from the merchant page||
||The merchant - Collects and passes it to Nuvei directly from their frontend||
This SDK is a set of components for building checkout flows that are ready to collect user data. It tokenizes sensitive data from within the Nuvei Fields, without needing to communicate with your server.
- Card brand identification
- PCI compliance with SAQ A
- Customizable styling to match the look and feel of your checkout page
- Responsive design that fits all your customer’s devices
- Field placeholders that match your customer’s preferred language
- Field formatting and masks
- Real-time input validation
- Error messages
- Predefined events, to which you can subscribe
- You can invoke a set of predefined methods on Nuvei Fields
- Accessibility support
- Localized messages and placeholders
- Web fonts support
- Click-targets automatic set on labels for seamless integration
Refer to Nuvei Fields for a step-by-step guide.
Nuvei has PCI accreditation which allows us to store and manage customer card details for later use. When a customer wishes to make a payment, they can simply select one of their stored payment methods, eliminating the need to re-enter the card details.
When a user makes a payment, you send the payment option details (e.g. card, expiration date, CVV) along with a User Token ID (
userTokenId), which identifies the user for whom we will manage the payment options. The response for each payment request returns an identifier for the newly used payment option called User Payment Option ID (
The next time the end user makes a payment, you do not need to collect the payment option details again. Instead, you just need to use the
userTokenId and the
userPaymentOptionId fields when requesting the payment.