PCI DSS certified data collection

What PCI Certification Means for You


You commit to protecting your customer data, and we commit to protecting yours. Compliance and security are top priorities for FormAssembly, which is why we have held Payment Card Industry Data Security Standard (PCI DSS) level 1 certification for over 8 years.

According to Visa, level 1 compliance requires over 6 million Visa transactions annually. While most merchants fall into level 4 (fewer than 20,000 Visa transactions each year) and only require a self-assessment, level 1 certification requires a thorough audit process by a qualified assessor.

“PCI DSS compliance sets the bar on how we handle all kinds of data,” – FormAssembly CEO and Founder Cedric Savarese. 

To whom does PCI compliance apply?

If you’re asking for credit card information, then PCI standards apply. According to the PCI Security Standards Council, PCI compliance applies to any “merchant, financial institution or other entity that stores, processes or transmits cardholder data.” Retailers, nonprofits, consulting agencies, and professional associations are just a few examples of the companies this covers.

If you’re considering using FormAssembly to process payments for your business—whether you’re creating order forms, payable invoices, event signups, donation forms, or another type of payment form—you can be assured that PCI compliance is handled properly by us and the processors with which we integrate.

Regardless of the plan you’re on, we require the use of one of our payment integrations such as Stripe or PayPal to collect and process credit card information. This ensures that the cardholder data is not unnecessarily stored on FormAssembly.

Waning customer trust and the role of PCI certification

Choosing to work with a PCI DSS level 1-certified vendor signals to your customers that you take their information seriously. 79% of consumers believe their data is being used, according to a recent study. Building customer trust takes consistent dedication to better, stronger security practices and adherence to industry-recognized standards.

PCI certification demonstrates how seriously we take all data

At FormAssembly, we take an agnostic approach to data. No matter how sensitive data is, we handle it all in the most secure manner possible. Our customers trust us to keep their data safe, which we accomplish through multiple exacting measures and best practices, including:

  • Our strict, as-needed data access policy for team members
  • Our comprehensive training for team members on handling sensitive information
  • Third-party audits that check our policies, procedures, and sophisticated software
  • HIPAA compliance for healthcare clients who select our Enterprise plan

“We want to ensure that our customers are using the best, most secure solution on the market,” Ashley McAlpin, Director of Marketing at FormAssembly, said.

This means that we stay informed and up-to-date about the certifications that are relevant to our customers, and we are proactive about meeting those standards. Our efforts to be secure are not lost on our customers, including Adam Smeets, Director of University Information Systems for Dominican University, a client that relies on FormAssembly for data security.

“For example, students who want to apply to be teaching assistants in the classroom—that data needs to be secure. With FormAssembly, security is clearly defined and protected, specifically with the data we’re collecting and storing,” Adam said.


It can’t be stressed enough how crucial data security is, whether it’s credit card data or another kind of data. Not handling data responsibly or failing to adhere to certain security standards can result in costly consequences. According to the PCI Security Standards Council, data breaches and other security problems can result in anything from loss of customer faith and revenue to lost jobs and the demise of an entire business.

We don’t take this knowledge lightly. Our 8 years of PCI DSS Level 1 certification demonstrate our commitment to handle all data, credit card information included, with the utmost care and in the most secure way possible. To select the right plan for your organization, visit our features page.
