Protecting your Adyen integration

Best practices to mitigate security risks in your integration with Adyen.

The information on this page is for guidance only. It is not a complete list of all security measures you should take, and should not be taken as definitive advice.

Attackers can try to steal card data by exploiting weaknesses in your systems. To protect your data, and that of your customers, make sure that you implement the security measures described on this page.

Requirements

Before you begin, check if the information on this page applies to you.

Requirement | Description
Integration type | The information on this page is relevant for all Adyen integrations with online payments or in-person payments.

Protect your online payments integration

Most online attacks are related to security flaws in your checkout or payment pages. The security of your own webpages and apps is your responsibility, because Adyen has limited ability to prevent attacks in environments we do not control.

Third-party components

If you have vulnerable third-party components (scripts) in your webpage, attackers might be able to steal data in various ways, for example by making your website execute their own code.

  • The Payment Card Industry Data Security Standard (PCI DSS) v4.0.1 includes requirements related to script security in ecommerce. To help you comply with these requirements, we have several script security recommendations.

Protect your in-person payments integration

Security risks with in-person payments are related to the payment terminals: physical tampering, and replacing terminals with tampered terminals.

Prevent tampering

To keep the data of your customers safe, make sure that malicious actors cannot access your payment terminals.

  • Place the terminals in a monitored environment, both during and outside of business hours. Be aware of suspicious activity around the terminal.
  • Inspect your payment terminals to make sure they have not been tampered with. You must do this when you receive a new terminal and also at regular intervals afterward.
  • Verify the identity of anyone who requests access to the terminal, for example individuals claiming to be repair or maintenance personnel. Adyen terminal maintenance staff will never arrive without prior arrangement, so check that maintenance is planned.

In-store measures

  • Make sure that the location of the payment terminal does not allow the PIN to be observed while the customer is entering it. Pay special attention to reflective surfaces nearby, cameras, or the position of the cashier with respect to the payment terminal.
  • Train your staff to instruct customers to hide their PIN while entering it on the payment terminal.

Point to point encryption

If you are using our Point-to-Point Encryption (P2PE) solution, implement all the advice described. You must also implement all the requirements in the P2PE Instruction Manual (PIM).
