Processing with full card numbers

Integrators with the Helcim API cannot send full card numbers, expiry dates, or CVV numbers through the Payment API by default. The Payment API will return an error for any attempts to do so without approval.

We encourage all integrators to reduce their PCI scope by processing with card tokens instead of full card numbers. You can read more about how to do that through the following documentation.

• Processing with card tokens.

Full card number approval process

If your integration relies on processing with full card numbers, then you will need to provide Helcim with the following items in order to be reviewed and approved by our cyber-security team and CTO.

• A technical overview of how you intend to integrate with the Helcim API to process payments, and why full card numbers are required.
• Your Attestation of Compliance (AOC) provided by a third-party auditor, showing that either you or the service provider managing your full card numbers are PCI DSS SAQ-D compliant.
• Confirmation of your Helcim merchant ID.

Your request with this information can be sent to [email protected]. Once your request has been received the approval process will begin, which typically takes between 5-10 business days.

Full card number renewal process

Helcim will reach out to you each year to obtain the most recent Attestation of Compliance for your business or the third-party service provider managing full card numbers for your integration.

Failure to provide this updated Attestation of Compliance in a timely manner may result in full card number processing being disabled for your integration.