Security standards compliance
Smart Router encrypts all confidential data (such as card details) before sending it back to our secure vault for storage and processing. The vault is assessed at the highest compliance level defined by the Payment Card Industry Data Security Standard (PCI DSS). See the security declaration on our main website for full details of the standards and encryption methods we use.
PCI DSS in your app
To check your own app code's compliance with PCI DSS, you must complete the appropriate Self-Assessment Questionnaire (SAQ). Which SAQ applies depends on how much cardholder data your app handles itself.
If your app uses only ProcessOut.js to tokenize cards, so that card data travels directly from the customer's browser to ProcessOut and never passes through your own servers, and you process fewer than 6 million card transactions per year with any given card scheme, then you are covered by SAQ A (card-not-present merchants with all cardholder data functions fully outsourced). This is the shortest SAQ and requires the least work for you to implement; above that transaction threshold the card schemes generally require a full on-site assessment rather than an SAQ. See the PCI Security Standards Council website for full details of the SAQs and all other aspects of their
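Staying inside SAQ A scope depends on card data never reaching your backend: the browser sends it only to the tokenization endpoint, and your server receives nothing but the resulting token. The following is an added example, not ProcessOut's code, of a server-side guard that rejects any payment request in which some field looks like a primary account number (PAN), so that an integration mistake (for instance a form that posts the raw card fields to your own endpoint) fails loudly instead of silently pulling cardholder data into your environment. The `token` field name, the constructed request bodies and the absence of any token-format check are assumptions; the PAN heuristic (13 to 19 digits passing the Luhn checksum) is standard.

```javascript
// Added example (not ProcessOut's code): a guard for a backend that must stay
// in SAQ A scope, i.e. must only ever see PSP tokens and never raw card numbers.

// Luhn checksum (ISO/IEC 7812): distinguishes a real card number from a
// random run of digits such as an order id or a timestamp.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// A value is treated as a PAN if, after stripping spaces and dashes, it is
// 13 to 19 digits long and passes Luhn. Numbers are checked too, because JSON
// bodies may carry the card number as a numeric literal.
function looksLikePan(value) {
  if (typeof value !== 'string' && typeof value !== 'number') return false;
  const digits = String(value).replace(/[\s-]/g, '');
  return /^\d{13,19}$/.test(digits) && luhnValid(digits);
}

// Walk an arbitrary JSON body (nested objects and arrays) and return the
// dotted paths of every value that looks like a PAN, e.g. "card.number".
function findPanFields(body, path = '') {
  const hits = [];
  if (Array.isArray(body)) {
    body.forEach((item, i) => hits.push(...findPanFields(item, `${path}[${i}]`)));
  } else if (body && typeof body === 'object') {
    for (const [k, v] of Object.entries(body)) {
      hits.push(...findPanFields(v, path ? `${path}.${k}` : k));
    }
  } else if (looksLikePan(body)) {
    hits.push(path);
  }
  return hits;
}

// Validate an incoming payment request: it must carry a PSP token (field name
// "token" is an assumption) and nothing anywhere in the body that looks like a
// PAN. The error message names the offending paths but never echoes the value,
// so the rejected PAN does not end up in error logs either.
function validatePaymentRequest(body) {
  const pans = findPanFields(body);
  if (pans.length > 0) {
    return { ok: false, status: 400, error: `cardholder data not accepted at: ${pans.join(', ')}` };
  }
  if (!body || typeof body.token !== 'string' || body.token.length === 0) {
    return { ok: false, status: 400, error: 'missing token' };
  }
  return { ok: true, token: body.token };
}

// Constructed sample requests: the first is what a correct ProcessOut.js
// integration sends, the second is the mistake the guard exists to catch.
const goodRequest = { token: 'tok_example', amount: 1999, currency: 'EUR' };
const badRequest = { token: 'tok_example', card: { number: '4111 1111 1111 1111', exp: '12/30' } };

console.log(validatePaymentRequest(goodRequest)); // accepted
console.log(validatePaymentRequest(badRequest));  // rejected, names card.number
```

Run the guard on JSON bodies, form posts and query strings alike, and mount it before any request-logging middleware, so a stray card number is rejected before it can be written to a log file.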
EU Payment Services Directive 2
The European Union's second Payment Services Directive (PSD2) entered into force in 2016, and its strong customer authentication (SCA) requirements have applied since September 2019. SCA is multi-factor authentication for electronic payments: the payer must be verified with at least two independent factors (something they know, something they have, something they are). For card payments, SCA is usually delivered through the 3-D Secure 2 (3DS2) protocol, which lets the card issuer assess the risk of each transaction and decide whether to approve it without friction or to challenge the cardholder with extra authentication. SCA applies to payments where both the payer's and the payee's payment service providers are in the EU or the European Economic Area; the United Kingdom has kept equivalent requirements, enforced by the Financial Conduct Authority.
The good news is that Smart Router is fully compliant with PSD2, SCA and 3DS2 and handles the authentication flow for you, so no extra effort is needed from you while developing your app.