Reducing PCI Scope

We strongly advise that you do not store any sensitive cardholder information, including full credit card numbers and expiry dates.

We recommend using the Helcim API in conjunction with either HelcimPay.js or Helcim.js for capturing and tokenization of full credit card numbers. Further transactions can then be processed through the Payment API using the card token, and since no full credit card numbers are passed, your website and server remains outside the scope of PCI-DSS compliance.

There are a number of entry-points for credit card data, including HelcimPay.js, Helcim.js, the Virtual Terminal, Hosted Payment Pages, Customer Portal, and Online Store.

When a transaction is successfully processed using any of these entry points, the credit card is automatically tokenized and stored in your the respective Customer profile, in addition to your card vault. Using the stored cardToken, you can process a new transaction anytime without needing the original credit card details.