CardPing is certified as a PCI DSS Level 1 Service Provider — the highest level of compliance for organisations that process, store, or transmit cardholder data. Our annual audit is conducted by a Qualified Security Assessor (QSA).
Level 1 subjects us to the most stringent PCI DSS requirements: an annual on-site QSA audit, quarterly network scans by an ASV, and bi-annual penetration testing. Our Attestation of Compliance (AoC) is available to Enterprise customers under NDA.
CardPing never stores cardholder data at rest. Card numbers, PINs, and CVVs submitted via the API are processed entirely in memory and immediately discarded after the network response. Nothing appears in logs, databases, or backups.
Integrating via the CardPing API can significantly reduce your PCI scope. Depending on your integration method, you may qualify for SAQ-A or SAQ-A-EP rather than a full on-site audit, potentially saving considerable time and cost.
Enterprise customers can request our Attestation of Compliance for use in their own compliance audits. Contact compliance@cardping.io with your company details.