Security and compliance

Security is of the utmost concern in Payment Services, and no private or Payment Card Industry (PCI) regulated information is passed across your Payment Services.

Commerce security

Adobe Commerce and Magento Open Source include support for several security features.

See Security in the core user guide to review security best practices, and learn how to manage Admin sessions and credentials, implement CAPTCHA, and manage website restrictions.

PCI compliance

The Payment Card Industry (PCI) established a set of requirements for businesses that accept payment by credit card over the Internet. In addition to maintaining a secure environment, merchants who handle customer credit card information are responsible for meeting some standard guidelines.

See PCI Compliance Guidelines for more information.

Merchants can complete a self-assessment questionnaire (SAQ), which is a self-validation tool to assess security for cardholder data.

Credit Card Fields

With Credit Card Fields, no PCI-regulated data is passed across your services. You don’t have to store or maintain that data, which vastly reduces PCI compliance concerns.

PayPal Smart Buttons

With PayPal Smart Buttons, no PCI-regulated data is passed across your services. You don’t have to store or maintain that data, which vastly reduces PCI compliance concerns.

For security reasons, PayPal does not pass the billing address during checkout; country, email, and name are the only billing information used. You can optionally enable your site’s PayPal checkout to return the complete billing address by contacting PayPal and completing a vetting process.

PayPal also has integrated fraud protection that uses machine learning to help you fight fraud. See PayPal’s Seller Protection documentation for more information.
