This document outlines the division of responsibilities for PCI DSS (Payment Card Industry Data Security Standard) compliance between IXOPAY and its customers.
Purpose: To clarify which PCI DSS requirements are the responsibility of IXOPAY, which are the customer’s, and which are shared.
Service Model: IXOPAY provides Software as a Service (SaaS) that customers can use to store, process, or transmit cardholder data.
Customer Responsibility: While IXOPAY supports PCI DSS compliance, customers remain ultimately responsible for ensuring their own compliance based on how they use IXOPAY services.
IXOPAY’s Role: As a Level 1 Service Provider, IXOPAY helps customers meet certain PCI DSS requirements through its Attestation of Compliance (AOC). The applicability of IXOPAY’s AOC depends on the services in use and their implementation.
Responsibility Matrix Tabs: The spreadsheet includes tabs that detail which responsibilities fall to IXOPAY, the customer, or are shared, depending on specific PCI DSS controls.
Reference: Customers can access IXOPAY’s current AOC at ixopay.com/legal/security-trust.