First Data/Payeezy: What is the extension's PCI scope?

Modified on Mon, 29 Mar, 2021 at 3:41 PM

Our First Data/Payeezy payment method transmits credit card data from the checkout page, through your server, to the Payeezy API. The Payeezy API then tokenizes the CC (using First Data's TransArmor service) for storage and reuse. 


Credit card numbers are not stored in any fashion on your server, but they are transmitted through it. There's no JavaScript, iFrame, or redirect solution involved at this time. As such, this payment method falls under the scope of PCI Self-Assessment Questionnaire D (SAQ D).


Note that you must have SSL enabled on all checkout and login forms, and that this eligibility only applies to this specific payment method. Any other payment methods or credit card handling your business may perform will have its own SAQ eligibility.


For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article