Merchants using Recurly's API to submit cardholder data qualify for the SAQ C questionnaire. When cardholder data passes through your hosting environment, even though you are not storing it, your systems fall within PCI compliance scope. Your merchant bank account provider will require you to complete the PCI DSS Self-Assessment Questionnaire C.
Articles in this section
- Is Recurly prepared for the SCA requirements (part of PSD2 regulations)?
- Will Recurly provide SSAE 16 reports to help with auditing?
- Can Recurly assist me with filling out my SAQ for PCI compliancy?
- Where can I learn more about PCI?
- What are best practices for PCI?
- I'm using the API. What SAQ do I need to fill out?
- I'm using Recurly.js. What SAQ do I need to fill out?
- I'm using the Hosted Payment Pages. What SAQ do I need to fill out?
- If I'm using Recurly, does my business need to be PCI compliant?
- Is Recurly PCI Compliant?