# Handling Raw Card Data

This guide outlines the steps for building your own payment form for processing raw card data instead of using Finix’s Tokenization Forms (requires full PCI compliance).

Finix is certified as a Level 1 Payment Card Industry Data Security Standards (PCI DSS) compliant Service Provider. For more details, see [Security and Compliance at Finix](/guides/managing-operations/security-compliance).

If you have a Level 1 PCI compliant card data environment (CDE), you don't have to use the forms offered by Finix and can create your own form or flow to collect buyer information.

Processing raw card data
If you're interested in processing raw card data, contact the [Finix Support Team](mailto:support@finix.com). A Level 1 or 2 PCI Attestation of Compliance (AoC) needs to be provided to Finix to process raw card data.

If you don't have a CDE and want to process payments, use [Finix's Tokenization Form](/guides/online-payments/payment-tokenization/tokenization-forms) to collect buyer information.

To collect raw card data, you need to be [fully PCI compliant](/guides/managing-operations/security-compliance/pci-dss-compliance). If you're not fully PCI compliant, use our [Tokenization Form](/guides/online-payments/payment-tokenization/tokenization-forms) instead.

Processing raw card data is similar to processing [other payments](/guides/online-payments/online-payments-quickstart) that use our Tokenization Forms. Steps include:

- Building a payment form for cards
  - When handling raw card data, you'll need to create the form as opposed to hosting a form created by Finix.
- [Creating a Payment Instrument](/guides/online-payments/online-payments-quickstart#step-2-create-a-payment-instrument)
- [Creating a Sale or Authorization](/guides/online-payments/online-payments-quickstart#step-3-create-a-transfer)
- [Handling the post-payments experience](/guides/online-payments/online-payments-quickstart#after-the-payment)


## Building a Payment Form

The form you create must collect enough information to successfully create an `Identity` and [`Payment Instrument`](/api/payment-instruments/createpaymentinstrument) for the buyer. The information also needs to be collected in a PCI compliant environment.

- Once the buyer submits the information, submit a request from your PCI server to [Create an Identity](/api/identities/createidentity).
- Use that `Identity` to [Create a Payment Instrument](/guides/online-payments/online-payments-quickstart#step-2-create-a-payment-instrument) and proceed with the usual steps you'd take to process a payment ([Creating a Transfer](/api/transfers/createtransfer), [Reviewing the Sale for Fraud](/guides/payments/risk/fraud-detection/), etc.).