Welcome to our Technical Kickoff!
We're excited to partner with you and help you start building on the TabaPay APIs. Before diving in, we have one important question:
Are you accepting payment cards for your service?
If the answer is yes, this guide will walk you through what you need to know to ensure you are PCI compliant before collecting or handling any card data.
What is PCI-DSS?PCI-DSS stands for Payment Card Industry Data Security Standard. Also see PCI Security Standards Council.
For more information on PCI, refer to PCI DSS Compliance with TabaPay Card Processing.
How to Become PCI compliant with TabaPay
The process depends on on two factors:
- Your card volume, and
- Your card entry method (how you collect cardholder data).
Learn more about volume and card entry criteria along with the types of documents your team will need to submit to TabaPay.
Do you have a SAQ D or a 3rd party for PCI?
- If you are using a 3rd party for PCI, please let us know who it is at [email protected].
- If you have you own Self-Assessment Questionnaire (SAQ) D please contact [email protected] for more information to get started.
How to Collect Cardholder Data Through TabaPay
You can capture card holder data using a PCI compliant environment and pass tokenized card data.
1. Use the Browser SDK (Recommended)
The Browser SDK allows you to securely collect cardholder data in a PCI-compliant way and tokenize it.
2. Pass your TabaPay Tokens
Store payment instruments securely and pass only tokenized data using:
- Create Account API: Generates a unique accountID token
- TabaPay Tokens: Overview of accountID/tokens
3. RSA Encryption (Alternative PCI Path)
If you maintain your own PCI environment and want to pass encrypted card data directly: