en
Contact Us

Checkout & ASV Validation

*Image is for illustrative purposes only

Checkout Technology

Checkout is an innovative payment card tokenization technology that allows you to accept payments directly on your website using your own payment form, without embedded iframes.

Key advantages

  • Maximum interface control. You fully control the design and logic of the payment form without the limitations imposed by third-party widgets.
  • High conversion. A simplified customer journey and familiar website interface reduce drop-offs at the payment stage.
  • Data security. Payment card data is encrypted directly in the customer’s browser. Your website does not receive, process, or store card numbers, which significantly reduces the PCI DSS compliance scope.

Security requirements

Despite the high level of security provided by Checkout technology, the website remains part of the payment environment and affects card data security. To comply with PCI DSS requirements, you must:

  • regularly scan the website for malware and vulnerabilities — at least once per quarter;
  • use the services of an accredited ASV (Approved Scanning Vendor) for scanning. The list of accredited vendors is published on the official PCI Council website.

ASV scanning: what it is and why it matters

ASV scanning (Automated Scanning Vendor) is an automated assessment of your web resource for compliance with PCI DSS security requirements.

During the scan, the system:

1. Checks the site for malware (viruses, trojans, etc.).

2. Searches for known vulnerabilities, including:

  • cross-site scripting (XSS);
  • SQL injection;
  • other common threats.

3. Generates a detailed report describing detected issues.

4. Provides recommendations and instructions for remediating identified vulnerabilities.

When is ASV scanning required?

ASV scanning is mandatory for websites that use Checkout technology to accept payments.

For other payment acceptance tools (widget, mobile SDK, recurring billing, recurring payments), ASV scanning is not required because card data is processed on the payment provider’s side.

Vendor selection

You independently choose an accredited ASV vendor from the list published on the PCI Council website. This ensures that the scan is performed in accordance with international security standards.

Support team

The service quality and security are ensured by a team of 30 specialists across the following departments:

  • development;
  • testing;
  • operations;
  • technical support.

All employees:

  • have significant experience with banking and processing systems;
  • are experts in payment technologies and information security;
  • regularly undergo specialized training and improve their qualifications.