All parties involved with processing, transmission and storage of card details are subject to the PCI Data Security Standards. These standards are in place to provide consumers the most secure methods of payment processing. Merchants must validate their compliance with the PCI DSS on an annual basis. Most merchants can validate via a Self-Assesment Questionnaire (SAQ). Your SAQ type can vary depending on which methods you use to collect and process card data.


iTransact requires that a secure process is in place to securely transmit card data from your client (app, software, browser) to your server. The PCI Security Standards Council has determined that SSLv3 and earlier versions of TLS no longer meet the minimum security standards. All integrations with iTransact must use TLSv1.2.

Digital Certificates

In an effort to validate the integrity of traffic between you and your client, merchants will need a digital certificate to use TLSv1.2. These certificates can be acquired by a reputable certification authority (CA). The use of digital certificates will assure your clients that they are actually communicating with you and not a fraudster impersonating you.