Data security is one of our highest priorities at Rebilly.

We go beyond industry standards to meet a high level of data security at every layer, from server hardening techniques and network segmentation to extensive data integrity logging, secure coding practices and rigorous testing.

We've achieved the highest level of PCI-DSS compliance, which includes a yearly full audit of our security practices and policies, as well as penetration testing, completed by a third party accredited by the PCI council.

Merchants can significantly reduce their security-related expenses by offloading most of their PCI-DSS compliance requirements to Rebilly. This is done by using our TOKENS API endpoint in conjunction with rebilly.js, so that payment information does not go through the merchant's server and the merchant does not have to store very sensitive information or meet the security requirements that come with it.

Depending on how you integrate with Rebilly, you can reduce your cost of compliance to varying degrees:

  1. Largest reduction: Use a third-party hosted checkout page so that you do not accept payment cards on your website.
    Requires SAQ A.
  2. Significant reduction: Use a JavaScript or iframe solution. You retain flexibility and control over the checkout, and reduce the scope of compliance dramatically.
    Requires SAQ A-EP.
  3. Small reduction: Do not store card data, but transmit it through your servers. Some sections of the questionnaire are not applicable.
    Requires SAQ D.
  4. No reduction: Transmit cardholder data through your servers and store it there. This will require an auditor if the transaction count is high enough.
    Requires SAQ D.