FAQ around Security and PCI Compliance

This article is designed to answer some common questions around security related to accepting payments with Payable Apps.

Are Payable Apps Secure and Safe for my Customers?

Yes. Because of the way we integrate with various payment providers (eg. PayPal, Stripe), neither our systems our your documents ever transmit or store any card data. Because of this modern integration style, all sensitive card data is encrypted directly in the client's browser and then sent directly to the payment provider. This makes it impossible for Payable or your Form to expose, leak, or allow personal card data be hacked. Our API's and checkout page leverages SSL and SHA-384 with RSA Encryption cycled every 3 months.

Is your solution PCI Complaint?

Yes. Payable is currently processing at PCI Level 3 Volume Tier and completes the annual SAQ. The PCI Security Standards Council has published a series of changes to eligibility requirements for SAQ A. This allow partners and merchants that use input fields hosted by a payments provider to be eligible for the simplest PCI validation method. SAQ A-EP

What data do you have access to?

Payable only have access to Google documents the add-on was specifically activated in. We only transmit Form data that is related to payments or includes money amount in the answer. All other data is ignored and not transmitted. We use these {label} - {amount} to set up the checkout and pass this on to the connected payment provider.

Updated on: 10/12/2021