Skip to main content

PCI Compliance

Copy page

Copy page as Markdown for LLMs

Open in ChatGPT

Ask questions about this page

Anthropic

Open in Claude

Ask questions about this page

Handling sensitive payment card data requires PCI compliance. However, when integrating with Amazon Payment Services, you can avoid the need for PCI certification by using our secure integration methods.

What is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to ensure that businesses protect cardholder data during storage, processing, and transmission. PCI compliance involves:

  • Passing a formal audit by a qualified PCI assessor
  • Implementing technical and organizational safeguards for payment data
  • In some cases, undergoing on-site inspections

Do You Need to Be PCI Compliant?

Not necessarily. If you configure your Amazon Payment Services integration using the recommended approaches (such as Hosted checkout or custom integration), all sensitive card data is handled exclusively by Amazon Payment Services. Your server does not see, store, or transmit card details.

  • You do not need to undergo PCI audits
  • You remain outside the PCI scope
  • Reduced compliance burden and costs
  • Faster time to market

This only applies if your integration ensures that no payment card data ever touches your server.

If your business is already PCI compliant, you have the option to use the custom integration. This allows you to:

  • Collect, process, and store payment card data directly on your servers
  • Use Amazon Payment Services as a secure and compliant transaction processor
  • Maintain full control over the payment experience

Support

Need assistance with PCI compliance questions? Contact our technical support team at merchantsupport-ps@amazon.com.

Was this page helpful?

Thanks for your feedback!