Secure Proxy is a feature that allows payment integrations that use credit, debit, or cobranded cards as a payment method to be developed in the VTEX ecosystem without requiring PCI DSS certification.
PCI DSS certification is needed to guarantee that sensitive information in the payment process is handled securely. Since not every integration is PCI compliant, Secure Proxy is an alternative that eases this process for developer partners. When using Secure Proxy, the payment provider does not receive any sensitive information; VTEX handles it entirely until the request is made to the acquirer.
The main differences between the standard flow and the Secure Proxy flow are:
- The Authorization request works as usual.
- The provider receives tokens from VTEX’s Gateway that refer to the sensitive data, instead of the actual data.
- The provider sends the API endpoint of the acquirer and the merchant credentials to the Gateway, instead of making the call directly to the acquirer.
- The Gateway makes the API call to the acquirer, acting as a proxy between the provider and the acquirer. In this call, the tokens are replaced by sensitive data.
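The flow in the list above can be modelled as a detokenizing proxy. The sketch below is an added example, not VTEX code or the Secure Proxy API: the `Gateway` class, the token format, the field names, the acquirer URL and the card values are all constructed for illustration.

```python
import json
import secrets


class Gateway:
    """Toy model of the gateway role: keeps card data, hands out tokens."""

    def __init__(self):
        self._vault = {}  # token -> sensitive value; never leaves the gateway

    def tokenize(self, card):
        # One opaque token per sensitive field (token format is constructed).
        tokens = {}
        for field, value in card.items():
            token = "#tok_" + secrets.token_hex(8) + "#"
            self._vault[token] = value
            tokens[field] = token
        return tokens

    def proxy(self, acquirer_url, headers, body):
        # Tokens become real values only in the outbound acquirer call.
        return {"url": acquirer_url, "headers": headers,
                "body": self._detokenize(body)}

    def _detokenize(self, node):
        if isinstance(node, dict):
            return {k: self._detokenize(v) for k, v in node.items()}
        if isinstance(node, list):
            return [self._detokenize(v) for v in node]
        if isinstance(node, str):
            for token, value in self._vault.items():
                node = node.replace(token, value)
        return node


def provider_build_request(tokens, amount):
    # Provider side: sees tokens only, and supplies the acquirer endpoint
    # and merchant credentials for the gateway to use (all hypothetical).
    return {
        "acquirer_url": "https://acquirer.example/charge",
        "headers": {"Authorization": "Bearer MERCHANT_KEY_PLACEHOLDER"},
        "body": {"amount": amount,
                 "card": {"number": tokens["number"], "cvv": tokens["cvv"]}},
    }


if __name__ == "__main__":
    gw = Gateway()
    toks = gw.tokenize({"number": "4111111111111111", "cvv": "123"})  # constructed
    req = provider_build_request(toks, 1000)
    print("provider sees:", json.dumps(req["body"]))
    print("acquirer gets:", gw.proxy(req["acquirer_url"], req["headers"], req["body"])["body"])
```

The property to check in any integration of this shape is that nothing the provider builds, logs or stores contains the card data itself, only the tokens.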
To learn more about the feature, check our Secure Proxy article.