Security & Compliance

PCI DSS Compliance

SMSYou is committed to maintaining the highest standards of payment card security. This page outlines our PCI DSS compliance status and security measures.

SAQ A-EP Compliant

SMSYou operates under PCI DSS SAQ A-EP (E-commerce Partially Outsourced) compliance level. This means we process card payments through our servers but immediately transmit card data to our PCI-compliant payment gateway partner, DPO Pay.

  • PCI DSS Merchant Level: Level 4
  • Compliance Type: SAQ A-EP
  • Validation Frequency: Annual

Security Measures

End-to-End Encryption

All card data is encrypted using TLS 1.3 during transmission. Card details are never stored on our servers.

Secure Server Infrastructure

Our servers are hosted on secure, PCI-compliant infrastructure with regular security patches and updates.

Immediate Gateway Transmission

Card data is immediately transmitted to DPO Pay (our PCI Level 1 certified payment gateway) and never persists in our systems.

No Card Data Storage

We do not store full card numbers, CVV codes, or magnetic stripe data. Only transaction references are retained.

Access Controls

Strict role-based access controls ensure only authorized personnel can access payment systems.

Regular Security Audits

We conduct regular security assessments and vulnerability scans to maintain compliance.

Payment Gateway Partner

We partner with DPO Pay, a PCI DSS Level 1 certified payment service provider. DPO Pay handles all card processing and maintains the highest level of PCI compliance.

  • PCI DSS Level 1
  • 3D Secure 2.0
  • Fraud Detection

What Data We Collect

We DO Collect:

  • Transaction reference numbers
  • Transaction amounts and currencies
  • Transaction timestamps
  • Payment status (success/failed)
  • Last 4 digits of card (for customer reference only - e.g., ****1234)

We DO NOT Collect or Store:

  • Full card numbers
  • CVV/CVC security codes
  • Card expiry dates
  • Magnetic stripe data
  • PIN numbers

PCI DSS Requirements We Meet

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy
  • Encrypt transmission of cardholder data
  • Use and regularly update anti-virus software
  • Develop and maintain secure systems
  • Restrict access to cardholder data
  • Track and monitor all access to network resources
  • Regularly test security systems and processes

Questions About Our Security?

If you have questions about our PCI DSS compliance or security practices, please contact our security team.

Last updated: June 3, 2026