PCI Compliance
Handling sensitive payment card data requires PCI compliance. However, when integrating with Amazon Payment Services, you can avoid the need for PCI certification by using our secure integration methods.
What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to ensure that businesses protect cardholder data during storage, processing, and transmission. PCI compliance involves:
- Passing a formal audit by a qualified PCI assessor
- Implementing technical and organizational safeguards for payment data
- In some cases, undergoing on-site inspections
Do You Need to Be PCI Compliant?
Not necessarily. If you configure your Amazon Payment Services integration using the recommended approaches (such as Hosted checkout or custom integration), all sensitive card data is handled exclusively by Amazon Payment Services. Your server does not see, store, or transmit card details.
- You do not need to undergo PCI audits
- You remain outside the PCI scope
- Your compliance burden and costs are reduced
- You reach the market faster
This only applies if your integration ensures that no payment card data ever touches your server.
If your business is already PCI compliant, you have the option to use the custom integration. This allows you to:
- Collect, process, and store payment card data directly on your servers
- Use Amazon Payment Services as a secure and compliant transaction processor
- Maintain full control over the payment experience
Support
Need assistance with PCI compliance questions? Contact our technical support team at merchantsupport-ps@amazon.com.