EmailMeForm is the ONLY Form-Builder
that is 100% PCI Compliant

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements to ensure all companies that process, store, or transmit credit card information maintain a secure standard. The PCI DSS provides a framework for payment card data security procedures, focusing on prevention, detection, and appropriate response to security concerns.

The PCI DSS was founded by the major payment brands (Visa, Mastercard, American Express, JCB, and Discover) in 2004 to combat payment fraud.

If you are collecting sensitive customer data, like credit card information, to process payments, then yes.

The PCI DSS applies to ANY organization that accepts, transmits, or stores cardholder data, regardless of size or number of transactions.

Yes. All businesses that store, process, or transmit cardholder data must be PCI compliant. However, it is considered unsafe to obtain this information over the phone. EmailMeForm developed Vault, a PCI certified system to store credit card information safely and in the most secure way.

Even if you do not store credit card data, if you accept credit or debit cards then PCI compliance applies to you.

In-scope cards include any debit, credit, and pre-paid cards branded with one of the five-card association/brand logos that participate in the PCI SSC – American Express, Discover, JCB, MasterCard, and Visa International.

Yes. EmailMeForm is PCI certified to handle offline credit card transmission and storage, as well as integrating with our reliable payment integration partners like PayPal, Stripe, Authorize.net, and Square.

We're not just PCI compliant. We're the only PCI certified form builder that lets users collect complete credit card numbers, CVV codes, and expiration dates.

No.

PCI compliance is a self-checked assessment of security measures prescribed by PCI DSS — it only takes about 30-45 days to complete.

PCI certification takes that same checklist and then submits that assessment to an independent audit conducted by a PCI Qualified Security Assessor (QSA) who's been selected, trained, and qualified by the PCI body itself.

This is available upon request. Please send us a message here.

EmailMeForm's independent QSA is TUVRheinland.

Higher level of security and convenience for both you and your client.

Instead of calling them on the phone to get the CVV code, our forms let you collect the complete credit card number, CVV code, and expiration date. We're the only PCI certified form builder who can do that.

PCI certified business is necessarily PCI Compliant but certification is not guaranteed the other way around.

As far as we know, yes.

Other form builders can say they're PCI compliant or PCI certified, but they don't allow you to collect the full credit card number and CVV code. They are only certified to process integrated payments with 3rd parties.

We also have an appointed Data Protection Officer (DPO) who handles all our PCI concerns.

Your process of collecting credit card information entrusted using our forms is PCI Compliant and that's our only scope. Clients are solely responsible for auditing their entire business for PCI compliance.

• Utilize the Vault credit card field for collecting credit card information to ensure that the cardholder data is always encrypted upon collection, transmission between networks, and storage.

• Provide encrypted upload fields when asking users to submit documents like passport details for data privacy protection.

• Use field-level encryption on your form fields to encrypt the collected information before sending it to our EmailMeForm storage.

• Collect electronic signatures via our signature fields for additional security protection.

• Access to our appointed Data Protection Officer (DPO) for your specific PCI requirements.