Recurly Day 2: Integration & PCI Compliance


Day Two

Implementation & PCI Compliance

Welcome to the second of five emails designed to launch your Recurly integration successfully! Each day, we’ll send you a topic to explore, and today we’ll address the questions we see around implementation and PCI compliance.

While Recurly makes the below recommendations, this is no replacement for working with a Qualified Security Assessor (QSA) or following the requirements of your merchant bank.

What is PCI Compliance?

PCI Compliance is a technical term for making sure that companies collecting credit/debit card information handle it securely. All merchants are required to be PCI compliant by their merchant bank. Depending on the integration path you choose with Recurly, you can reduce (but not remove) the scope of your PCI requirements dramatically. By implementing one of the below methods, most merchants using Recurly can qualify to fill out a “Self-Assessment Questionnaire (SAQ)” for their merchant bank rather than going through a full PCI audit.

Admin Console

Merchants with no user-facing experience can simply use Recurly’s admin console to enter data directly into Recurly. This makes you eligible for SAQ-A.

Hosted Pages

Hosted Pages are Recurly’s most basic integration method and, because of their lack of complexity, are eligible for the minimal SAQ-A. We usually recommend Hosted Pages to merchants who have basic checkout needs or to merchants who need to launch quickly while they’re working on a more advanced implementation.


If you’re looking for a custom checkout experience, using Recurly.js will allow you to work with SAQ-EP.

Recurly.js v4

Recurly.js v4 is our newest option, offering the customization of a basic Recurly.js integration while only requiring SAQ-A.


Recurly’s API can be used to pass credit card data to Recurly, but it requires the completion of a higher PCI compliance level. Recurly recommends using one of the above methods for sensitive transactions and the API for less sensitive information.

Have you made your decision yet? Most merchants use a combination of Recurly.js (for credit card gathering/updating) and the API (for other actions). If you want to discuss the optimum implementation for your company, don’t hesitate to contact our support team. We also strongly encourage contacting a QSA for PCI-specific questions.

Tomorrow we’ll discuss all your options for receiving payments!


Recurly Support
You are receiving this newsletter because you are a Recurly customer.

400 Alabama St Suite 202, San Francisco, CA 94110
