PCI-DSS prerequisits

CentralPay simplifies the PCI-DSS compliance processes, by sweeping away constraints regarding sensitive data management while offering you exclusive control over integrating your services and advanced features.

Its tokenization process has been designed to allow you to determine and limit your security perimeter opting for a SAQ A or SAQ A – EP without degrading your users experience regarding the payment features and processes.

You can either use two options: a "Pop-in form" or a "custom form" (with token delivery + JavaScript) to collect payment information which sent directly to CentralPay environment without routing through your servers.

Which means :

  • Securising your payment pages using TLS (1.2 min) (Transport Layer Securityto meet HTTPS standards
  • Review and validate your service's PCI compliance every year

As mentioned below the required compliance levels based on the modules utilisation:

The POPIN FORM and the SAQ A

With this module, Centralpay manages all exchanges with customer payment cards in a hosted CentralPay IFRAME so that sensitive data never route through your servers. Using this service allows you to access the simplest PCI DSS compliance level known as SAQ A.

You can download the SAQ A at this address:


Thanks to the combination of « Custom + Token.js », you manage yourself your payment forms for an optimized payment experience. This method implies that you initiate the payments on your servers and you must be SAQ A-EP level compliant.

You can download the SAQ A-EP at this address: