← Back to Guides

Does Vercel support PCI compliance?

Learn about Vercel and PCI compliance.
Last updated on January 15, 2025
Policy & Security

Vercel supports PCI compliance as a merchant and service provider. We can provide Attestation of Compliance (AOC) reports to customers upon request.

Payment Card Industry Data Security Standard (PCI DSS) is a standard that defines the security and privacy requirements for payment card processing. PCI compliance requires businesses that handle customer credit card information to adhere to a set of information security standards.

In alignment with Vercel’s shared responsibility model, Vercel serves as a service provider to customers who process payment and cardholder data. Customers should select an appropriate payment gateway provider to integrate an iframe into their application to ensure that any information entered in the iframe goes directly to their payment processor and is isolated from their application’s managed infrastructure on Vercel.

Learn about PCI DSS iframe integration.

Vercel acts as a merchant by facilitating online transactions for the services we provide to our customers.

Vercel relies on validated third-party payment processors to securely handle all aspects of payment processing, including data transmission, processing, and storage. These payment providers support compliance with PCI DSS standards and enable Vercel to deliver services without directly managing cardholder data from customers.

Vercel provides a Self-Assessment Questionnaire D (SAQ-D) Attestation of Compliance (AOC) and a Self-Assessment Questionnaire A (SAQ-A) Attestation of Compliance (AOC) under PCI DSS v4.0. PCI DSS compliance is a shared responsibility between Vercel and its customers. Vercel also provides a Responsibility Matrix which outlines the security and compliance obligations between Vercel and its customers.

  • The SAQ-D AOC supports Vercel’s adherence to PCI DSS requirements as a service provider, which is essential for customers handling payments through their applications, as it may impact the scope of their cardholder data environment per PCI DSS standards.
  • The SAQ-A AOC supports Vercel’s adherence to PCI DSS requirements as a merchant, ensuring that all cardholder data is processed by authorized third-party payment processors.

A copy of our PCI DSS compliance documentation can be obtained through our Trust Center.

Contact us for more details about our SAQ-D and SAQ-A AOC reports or Responsibility Matrix.

Couldn't find the guide you need?