PCI Compliance


A shared responsibility for secure payments

What is PCI Compliance?

If your business accepts card payments, you need to follow PCI compliance rules. These rules are set by the PCI Security Standards Council and are known as the Payment Card Industry Data Security Standard (PCI DSS); their purpose is to keep customer payment details safe from cyber threats and fraud. For Nochex as a payment facilitator, compliance is critical to maintaining trust and security across our payment ecosystem; it is also about guiding our merchants to maintain safe payment practices.

Why is PCI Compliance a shared responsibility?

Securing payment data requires collaboration between payment facilitators or payment providers and merchants. How much of the responsibility falls on the merchant depends on the integration method, which also determines the Self-Assessment Questionnaire (SAQ) that applies:

Integration Method: Hosted Payment Page (Nochex Payment Page)
  Description: The customer is redirected to a secure, third-party page to complete the transaction.
  PCI Compliance Responsibility: Minimal – cardholder data is never handled or stored by the merchant. The payment provider assumes full responsibility for PCI compliance.
  Applicable SAQ Type: SAQ A

Integration Method: Embedded IFrame or JavaScript Library (Nochex API Widget) – payment fields hosted by the provider, integrated into the merchant's website
  Description: Payment fields are embedded on the merchant's website but securely hosted by the provider. The merchant's site does not affect the security of the payment form.
  PCI Compliance Responsibility: Low – the merchant does not handle card data and has minimal PCI scope, but must ensure that nothing on its site interferes with the hosted elements.
  Applicable SAQ Type: SAQ A

Integration Method: Hosted Virtual Terminal (MOTO)
  Description: The merchant manually enters cardholder data on behalf of customers using a secure web interface.
  PCI Compliance Responsibility: High – the merchant is directly handling card data and must secure the environment (e.g. devices, network, staff training).
  Applicable SAQ Type: SAQ C-VT

What can merchants do?

While facilitators provide secure payment infrastructure, merchants must take steps to protect customer data:

  • Use PCI-compliant payment solutions
  • Avoid storing cardholder data
  • Secure network connections
  • Control access to payment data – only allow trusted employees to manage transactions
  • Monitor for fraud and suspicious activity – regularly review logs and report anomalies
  • Train staff on best practices – educate employees on phishing, social engineering, and safe payment handling

Consequences of Non-compliance

If merchants fail to meet PCI DSS requirements, it can impact both the merchant and the payment facilitator:

  • Financial penalties – card brands or banks may issue fines
  • Increased transaction fees – non-compliance can lead to higher costs from acquirers
  • Loss of processing privileges – banks may suspend payment services for high-risk merchants
  • Data breaches and lawsuits – affected customers can take legal action
  • Reputational damage – security breaches hurt customer trust and business relationships


Where can merchants find help?

Merchants can seek guidance from:

  • PCI Security Standards Council – the official source for guidelines and updates
  • Security consultants – experts who help businesses implement security measures and assist with PCI compliance, such as SecurityMetrics
  • Nochex – as your payment facilitator, we have resources to help you with compliance.


PCI Compliance v4.0.1

How to comply with the new requirements

More information