Skip to content

PCI compliance

PCI compliance is often central to handling sensitive payment card data. However, if you use Amazon Payment Service you can avoid the need to be PCI compliant if you configure your payment processing integration correctly.

You avoid the need to undergo PCI auditing if you configure your payment processing integration as recommended because your server is not required to handle confidential payment card data.

Instead, Amazon Payment Services will always handle sensitive payment card data and you, the merchant, will not need to pass PCI compliance standards. However, that is only true under certain circumstances and only if your payment integration is coded correctly.

What is PCI compliance?

PCI compliance refers to compliance with the Payment Card Industry Data Security Standard (PCI DSS). It is a standard centered around a set of requirements intended to protect the private financial data of your customers.

Becoming PCI compliant means that your business has passed an audit by a qualified PCI auditor. In some circumstances it may mean that an on-site audit was performed.

Do I need to be concerned about PCI compliance?

Ensuring that your customers shop safely should always be a priority, but your business does not necessarily need to undergo a PCI compliance audit just because it sells online.

PCI compliance applies to businesses that handle, store or transmit payment card data. If you correctly configure your Amazon Payment Services merchant facility using our recommended integration routes (including standard and custom merchant page integration) your server will not handle payment card data.

In turn, because your business is not handling payment card data, it does not need to pass PCI compliance standards.

Note that the above is only valid if you configure your payment processing solution so that your server never receives or stores payment card data.

Trusted channel

If your company is already PCI compliant you can rely on Amazon Payment Services as a dependable billing partner. We can use the payment card data that you already hold to process transactions effortlessly and efficiently.

As a PCI compliant merchant, you can receive, manipulate and store confidential payment card data on your server. In turn, you may choose to use our trusted channel to process payments using the payment card data you already hold.

Read more about the trusted channel here.

Help with compliance

Using Amazon Payment Services as your payments partner may remove the need to become PCI compliant. You should nonetheless ensure that your implementation does not leave you exposed to compliance risks. Our team can help - get in touch with the Amazon Payment Services team to discuss your compliance concerns. Just message our support team at merchantsupport-ps@amazon.com.