What kind of security standards does PAYMILL follow?

PCI DSS (Payment Card Industry Data Security Standard)

Any business accepting payment cards needs to comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is defined by the PCI Council and is in place to make the processing of payment data more secure. The Council was founded by the credit card schemes American Express, Discover Financial Services, JCB International, MasterCard and Visa, Inc., and these organisations may restrict the usage of their payment cards if businesses and services are non-compliant.

PAYMILL has been certified as PCI DSS compliant. The certification means PAYMILL is regularly audited by SRC GmbH, a testing and auditing company accredited by both MasterCard and Visa.

Please note: As of 2015, PCI DSS version 3.0 will be mandatory. To follow the PCI DSS 3.0 requirements, please refer to our documentation for detailed guidance.

SSL and HTTPS

We use HTTPS on all our websites. In addition, we regularly verify our security certificates and encryption algorithms. As a PAYMILL merchant, you don’t need to have HTTPS on your website. However, we still recommend it.