Does Vercel support PCI compliance?

Vercel supports PCI compliance as a merchant and service provider. We can provide Attestation of Compliance (AOC) reports to customers upon request.

What is PCI compliance?

Payment Card Industry Data Security Standard (PCI DSS) is a standard that defines the security and privacy requirements for payment card processing. PCI compliance requires businesses that handle customer credit card information to adhere to a set of information security standards.

Vercel as a Service Provider

In alignment with Vercel’s shared responsibility model, Vercel serves as a service provider to customers who process payment and cardholder data. Customers should select an appropriate payment gateway provider and integrate an iframe into their application, so that any information entered in the iframe goes directly to their payment processor and is isolated from their application’s managed infrastructure on Vercel.

Learn about PCI DSS iframe integration.

Attestation of Compliance

Vercel provides a Self-Assessment Questionnaire D (SAQ-D) Attestation of Compliance (AOC) under PCI DSS v3.2.1 for service providers. This is crucial for customers handling payments through their applications, as it may affect the scope of their cardholder data environment per PCI DSS standards. The SAQ-D AOC certifies Vercel's adherence to PCI DSS requirements as a service provider.

A copy of our PCI compliance report can be obtained via our Security portal.

Contact us for more details about our SAQ-D AOC report.
