You can rest assured that your cardholder data is safe with us as Mollie has been audited and certified as a PCI Level 1 Service Provider by an independent PCI Qualified Security Assessor (QSA), the highest level of certification in the payments industry.
Basic principles of PCI DSS
PCI compliance is a shared responsibility between Mollie and your business. To accept payments in a PCI compliant manner, the best practice is to avoid handling card data directly. Mollie simplifies this process by managing the protection of your customers’ card information in our own systems once it is received through our official payment interfaces. You are still responsible for ensuring the safety of the card data before it reaches Mollie.
Responsibilities with regard to PCI DSS
Mollie
Mollie is responsible for maintaining PCI DSS compliance of the cardholder data in its Cardholder Data Environment (CDE). This means Mollie (along with its service providers) is responsible for the security of cardholder data only from the moment, and only if, we receive the data through our API, plugins or integrations.
After Mollie receives customers' cardholder data, the data is stored and processed in a PCI DSS compliant CDE.
You (Customer)
You are responsible for making sure that cardholder data is secure and protected before the data reaches Mollie. Depending on your integration, you also have to comply with cardholder data storage requirements.
You can find the list of PCI DSS 4.0 requirements and sub-requirements that apply to you in the document linked below: