Continuing our commitment to stronger compliance and security, FormAssembly has achieved Payment Card Industry Data Security Standard (PCI DSS) Level 1 certification for our Enterprise-level Compliance Cloud offering, as announced in a recent press release. We worked with Coalfire®, our third-party auditor and PCI Qualified Security Assessor (QSA), to review and update our processes and procedures so that they meet the requirements of a Level 1 assessment.

Visa defines a Level 1 merchant as one processing more than 6 million Visa transactions annually (or any merchant Visa designates as Level 1 because of its risk profile). Most merchants fall into Level 4 (fewer than 20,000 Visa e-commerce transactions a year) and typically validate with a Self-Assessment Questionnaire (SAQ), as their acquirer requires. Level 1 instead requires an annual on-site assessment by a Qualified Security Assessor, documented in a Report on Compliance and an Attestation of Compliance. FormAssembly is assessed as a service provider rather than a merchant, so the transaction threshold that defines its level differs, but validation at Level 1 is the same on-site QSA assessment.

“PCI DSS compliance sets the bar on how we handle all kinds of data,” said FormAssembly CEO and Founder Cedric Savarese. “Security and privacy are foremost priorities for us as we continue to grow. We see this certification as a milestone in all areas—not just those pertaining to credit card information.”

To Whom Does PCI Compliance Apply?

If you’re asking for credit card information, then PCI standards apply. According to the PCI Security Standards Council, PCI compliance applies to any “merchant, financial institution or other entity that stores, processes or transmits cardholder data.” Companies of all types, including retailers, nonprofits, consulting agencies, and professional associations are just a few examples.

If you’re considering using FormAssembly to process payments for your business, whether you’re creating order forms, payable invoices, event signups, donation forms, or any other type of payment form, you can be assured that the PCI DSS obligations on our side, and on the side of the processors we integrate with, are handled properly. Keep in mind that PCI responsibility is shared: using a validated service provider narrows the scope of your own assessment (for merchants who fully outsource card-data entry to validated third parties, often down to the short SAQ A), but it does not replace it. You still owe your acquirer your own validation, and you should keep a copy of each provider’s current Attestation of Compliance on file.

Regardless of the plan you’re on, we require one of our payment integrations, such as Stripe or PayPal, to collect and process credit card information. The card details are captured and processed by the payment processor, so the full card number does not need to be stored by FormAssembly. Keeping cardholder data out of the form platform is what keeps the platform out of the most sensitive part of the cardholder data environment.

Waning Customer Trust and the Role of PCI Compliance + Certification

Choosing to work with a Level 1 compliant vendor signals to your customers that you take their information seriously. A 2014 study from ACI Worldwide and Aite Group found that about a third of consumers in a global sample of 6,100 don’t think their personal data is adequately safeguarded by retailers against potential breaches. That’s a lot of people who don’t fully trust companies with their data.

Building customer trust takes consistent dedication to better, stronger security practices and adherence to industry recognized standards.

PCI Compliance Demonstrates How Seriously We Take All Data

At FormAssembly, we do not lower our controls based on how sensitive a given piece of data appears to be: every record is handled with the same protections we apply to the most sensitive data we hold.

Our customers trust us to keep their data safe, which we accomplish through multiple exacting measures and best practices. These include our vendor selection process and the partners we work with; a strict, need-to-know data access policy for team members; comprehensive training for team members on handling sensitive information; third-party audits that check our policies, procedures, and software; and HIPAA compliance for Enterprise-level healthcare clients who select our Compliance Cloud.

“We want to ensure that our customers are using the best, most secure solution on the market,” said Demand Marketing Manager Ashley McAlpin.

This means being informed and up-to-date about the certifications that are relevant to our customers and being proactive about meeting those standards.

Our efforts to be secure are not lost on our customers, including Adam Smeets, Director of University Information Systems for Dominican University, a client that relies on FormAssembly for data security.

“For example, students who want to apply to be teaching assistants in the classroom — that data needs to be secure. With FormAssembly, security is clearly defined and protected, specifically with the data we’re collecting and storing,” Adam said.

It can’t be stressed enough how crucial data security is, whether it’s credit card data or any other kind of data. Not handling data responsibly or failing to adhere to certain security standards can result in costly consequences. According to the PCI Security Standards Council, data breaches and other security problems can result in anything from loss of customer faith and revenue to lost jobs and the demise of an entire business.

We don’t take this knowledge lightly. Our PCI DSS Level 1 certification demonstrates our commitment to handling all data, credit card information included, with the utmost care and in the most secure way possible.

Learn more about our Enterprise Level plans and the Compliance Cloud option, which also includes HIPAA compliance that allows customers to easily and effectively process Protected Health Information (PHI) through online forms.
