Handling Raw Card Data
This guide outlines the steps for building your own payment form for processing raw card data instead of using Finix’s Tokenization Forms (requires full PCI compliance).
Finix is certified as a Level 1 Payment Card Industry Data Security Standards (PCI DSS) compliant Service Provider. For more details, see Security and Compliance at Finix.
If you have a Level 1 PCI compliant card data environment (CDE), you don't have to use the forms offered by Finix and can create your own form or flow to collect buyer information.
If you're interested in processing raw card data, contact the Finix Support Team. A Level 1 or 2 PCI Attestation of Compliance (AoC) needs to be provided to Finix to process raw card data.
If you don't have a CDE and want to process payments, use Finix's Tokenization Form to collect buyer information.
To collect raw card data, you need to be fully PCI compliant. If you're not fully PCI compliant, use our Tokenization Form instead.
Processing raw card data is similar to processing other payments that use our Tokenization Forms. Steps include:
- Building a payment form for cards
- When handling raw card data, you'll need to create the form as opposed to hosting a form created by Finix.
- Creating a Payment Instrument
- Creating a Sale or Authorization
- Handling the post-payments experience
Building a Payment Form
The form you create must collect enough information to successfully create an Identity and Payment Instrument for the buyer. The information also needs to be collected in a PCI compliant environment.
- Once the buyer submits the information, submit a request from your PCI server to Create an Identity.
- Use that
Identityto Create a Payment Instrument and proceed with the usual steps you'd take to process a payment (Creating a Transfer, Reviewing the Sale for Fraud, etc.).