Payment via
Sips Paypage
|
- Payment pages hosted by Worldline Sips.
|
- You do not store card details, so you do not have any PCI DSS constraints.
|
- Payment page customisation is more limited than if you host these pages.
|
SAQ-A
|
Payment via Sips Paypage iFrame.
|
- Payment pages hosted by Worldline Sips.
|
- You do not store card details, so you do not have any PCI DSS constraints.
- You can customise the HTML page containing the payment iFrame as you wish, because you host this page.
|
- Payment iFrame customisation is more limited than if you host this content.
|
SAQ-A
|
MOTO payment via Sips Paypage.
|
- The customer communicates their payment details via e-mail or telephone.
- You enter those details on the payment pages hosted on Worldline Sips
|
- You use ready-to-use payment pages managed by Worldline Sips
|
- You handle card numbers, you must comply with PCI DSS constraints regarding the management of card numbers.
|
SAQ-D
|
Payment via Sips Office.
|
- Payment pages hosted by your website.
- If you need to keep the card number, you must store it in your database.
|
- You can customise the payment pages as desired because they are hosted on your premises.
|
- You must comply with PCI DSS constraints regarding the storage of card numbers.
|
SAQ-D
|
Payment via
using card number tokenisation.
|
- Payment pages hosted by your website.
- The token is an identifier shared by you and
Worldline Sips.
- It replaces the card number (PAN).*
- If you need to keep the card number, you store a token of the card number in your database.
|
- You can customise the payment pages as desired because they are hosted on your premises.
- The token is not a sensitive data.
- It contributes to complying with PCI DSS standards.*
|
- You have to store and manage every token you use.
|
SAQ-D
|
Payment via Sips Office using client-side encryption (CSE).
|
- Payment pages hosted by your website.
- Encryption of sensitive data before it is transmitted to your servers and to the Worldline Sips servers.
|
- You can customise the payment pages as desired because they are within the mobile application.
- Your server receives encrypted sensitive data (no transmission of clear information on your server) for a simplified compliance with PCI DSS standards.
|
- You must manage an additional security key related to CSE.
|
SAQ A-EP
|
Payment via Sips In-App.
|
- Payment pages are within the mobile application.
- Encryption of sensitive data before it is transmitted to the servers.
|
- You can customise the payment pages as desired because they are within the mobile application.
- Your server does not receive sensitive data. The data is sent from the mobile application straight to the Sips In-App server.
|
- You must manage an additional service to initialise Sips In-App payments.
|
SAQ A-EP
|
Payment via Sips Office Sips Hosted Fields
|
- Payment pages hosted by your website.
- Sensitive data is entered using the iframes hosted by Worldline Sips.
|
- You can customise the payment pages as desired because they are within the mobile application.
- You do not store card details, so you have fewer PCI DSS constraints.
|
- You have to manage an additional service to initialise the iframes hosted by Worldline Sips.
|
SAQ A-EP
|
MOTO payment via Sips Office Extranet.
|
- The customer communicates their payment details via e-mail or telephone.
- You enter those details on payment pages hosted on Sips Office Extranet
|
- You use one and only tool managed by Worldline Sips to create and manage your transactions.
|
- You manage card numbers, you must comply with PCI DSS constraints regarding the management of card numbers.
|
SAQ-D
|