PCI and Tokenization

Home    Online Payments    Card Operations    PCI and Tokenization

On this page:

Overview

The Payment Card Industry (PCI) Data Security Standards (DSS) regulate the storage and management of credit card details issued by the major card schemes.

PCI Certification

Each PCI DSS level has its own set of requirements. Certification for most of these PCI levels involves submitting a self-assessment questionnaire (SAQ) to evaluate the company’s compliance to the various PCI DSS standards. Other factors taken into account include the company’s: card transaction volume, card acceptance channels used, security posture and practices, and business complexity, etc.

Credentials Collection, Storage, and PCI Reporting

Each Nuvei Solution set (Nuvei Integration Type) defines the merchant’s involvement in the process of collecting customer credit card details, as well as the merchant’s PCI reporting responsibilities as described below:

Merchant PCI Responsibilities

Nuvei Integration MethodWho Collects Card DetailsMerchant PCI Responsibilities
Payment Page
(hosted page)		Nuvei
Using Nuvei Payment Page.
  • Submit the Simplest SAQ-A form
    (stating you outsource PCI to Nuvei).
Simply ConnectNuvei
Collects from their checkout or payment page.
  • Submit the Simplest SAQ-A form
    (stating you outsource PCI to Nuvei).
Web SDK with Nuvei FieldsNuvei
Collects directly from the merchant page.
  • Submit the Simplest SAQ-A form
    (stating you outsource PCI to Nuvei).
Web SDK without Nuvei FieldsThe merchant
Collects and passes it to Nuvei directly from their frontend.
  • Submit the Moderate SAQ-A EP form (shorter than the SAQ-D).
  • Agree to conform to the required security standards.
  • Perform quarterly scans.
Server-to-ServerThe merchant
Collects from their checkout or payment page.
  • Submit the Detailed SAQ-D form.
  • Agree to conform to the required security standards.
  • Perform quarterly scans.

User Payment Management (Tokenization)

Nuvei has PCI accreditation that allows us to store and manage customer card details for later use. When a customer wishes to make a payment, they can simply select one of their stored payment methods with no need to re-enter the card details.

If you want to allow a customer to save their payment details for future transactions, you must include “payment option details” (e.g. card, expiration date, CVV), along with a userTokenId, which identifies the customer. Nuvei stores the details and returns a userPaymentOptionId (UPO) identifier in the response. See the Card-on-File topic.

The next time your customer makes a payment, you do not need to collect the payment option details again. Instead, send their userTokenId and userPaymentOptionId in the payment request.

This is Nuvei Gateway (GW) tokenization. Nuvei also supports network tokenization.

Last update iconLast modified September 2024