Introduction to PCI Compliance

Lopay is a point of sale (POS) application which uses Stripe Inc (www.stripe.com) for payment processing.

Lopay never handles sensitive payment information, either for via e-commerce or face 2 face (terminal) payments.

Stripe significantly simplifies the PCI burden for companies that integrate with Checkout, Elements, mobile SDKs, and Terminal SDKs. Stripe Checkout and Stripe Elements use a hosted payment field for handling all payment card data, so the cardholder enters all sensitive payment information in a payment field that originates directly from our PCI DSS–validated servers. Stripe mobile and Terminal SDKs also enable the cardholder to send sensitive payment information directly to our PCI DSS–validated servers. Click here for more inforamtion on how Stripe helps organisations achieve and maintain PCI compliance

SAQ-A

Lopay's e-commerce solutions, such as payment links are applicable for SAQ-A.

SAQ-A is not applicable to face-to-face channels such as our card readers, however, I can confirm our solution is applicable for SAQ C. Lopay has demonstrated full compliance with the PCI DSS.

Download: Self-Assessment Questionnaire A and Attestation of Compliance.pdf

SAQ-C

Download: Self-Assessment Questionnaire C and Attestation of Compliance.pdf

Card Reader PCI listing

The Lopay card reader powered by our payment processor, Stripe, on the PCI DSS-approved solution database here