What PCI Certification Means for You


Join our newsletter!

Receive the latest data collection news in your inbox.

Continuing with our promise of increased compliance and security, FormAssembly has achieved Payment Card Industry Data Security Standard (PCI DSS) level 1 certification. We worked with our third-party auditor and compliance assessor Coalfire® to review and update our processes and procedures in order to meet the stringent certification standards of level 1 compliance.

According to Visa, level 1 compliance requires over 6 million Visa transactions annually. While most merchants fall into level 4 (less than 20,000 Visa transactions each year) and only require a self-assessment, level 1 certification requires a thorough audit process by a qualified assessor.

“PCI DSS compliance sets the bar on how we handle all kinds of data,” said FormAssembly CEO and Founder Cedric Savarese. “Security and privacy are foremost priorities for us as we continue to grow. We see this certification as a milestone in all areas—not just those pertaining to credit card information.”

To whom does PCI compliance apply?

If you’re asking for credit card information, then PCI standards apply. According to the PCI Security Standards Council, PCI compliance applies to any “merchant, financial institution or other entity that stores, processes or transmits cardholder data.” Companies of all types, including retailers, nonprofits, consulting agencies, and professional associations are just a few examples.

If you’re considering using FormAssembly to process payments for your business—whether you’re creating order forms, payable invoices, event signups, donation forms, or another type of payment form—you can be assured that PCI compliance is handled properly by us and the processors with which we integrate.

Regardless of the plan you’re on, we require the use of one of our payment integrations such as Stripe or PayPal to collect and process credit card information. This ensures that the cardholder data is not unnecessarily stored on FormAssembly.

Waning customer trust and the role of PCI certification

Choosing to work with a PCI DSS level 1-certified vendor signals to your customers that you take their information seriously. A 2014 study from ACI Worldwide and Aite Group found that about a third of consumers in a global sample of 6,100 don’t think that their personal data is adequately safeguarded by retailers against potential breaches. That’s a lot of people that don’t fully trust companies with their data.

Building customer trust takes consistent dedication to better, stronger security practices and adherence to industry recognized standards.

PCI certification demonstrates how seriously we take all data

At FormAssembly, we take an agnostic approach to data. No matter how sensitive data is, we handle it all in the most secure manner possible. Our customers trust us to keep their data safe, which we accomplish through multiple exacting measures and best practices, including:

  • Our strict, as-needed data access policy for team members
  • Our comprehensive training on handling sensitive information by team members
  • Third-party audits that check our policies, procedures, and sophisticated software
  • HIPAA compliance for healthcare clients who select our Enterprise plan

“We want to ensure that our customers are using the best, most secure solution on the market,” Ashley McAlpin, Director of Marketing at FormAssembly, said.

This means that we stay informed and up-to-date about the certifications that are relevant to our customers, and we are proactive about meeting those standards. Our efforts to be secure are not lost on our customers, including Adam Smeets, Director of University Information Systems for Dominican University, a client that relies on FormAssembly for data security.

“For example, students who want to apply to be teaching assistants in the classroom—that data needs to be secure. With FormAssembly, security is clearly defined and protected, specifically with the data we’re collecting and storing,” Adam said.

It can’t be stressed enough how crucial data security is, whether it’s credit card data or another kind of data. Not handling data responsibly or failing to adhere to certain security standards can result in costly consequences. According to the PCI Security Standards Council, data breaches and other security problems can result in anything from loss of customer faith and revenue to lost jobs and the demise of an entire business.

We don’t take this knowledge lightly. Our PCI DSS Level 1 certification demonstrates our commitment to handle all data, credit card information included, with the utmost care and in the most secure way possible. To select the right plan for your organization, visit our features page.

Don’t just collect data
— leverage it