Shared Responsibility Model
Know about the security responsibilities shared between businesses and Razorpay.
Razorpay is a shared payment service provider. You bear some responsibility for the security of your payment ecosystem.
Razorpay is responsible for all the backend systems and the payment data we process and share with banks. Our security and compliance programme ensures that we are always compliant with the PCI-DSS, ISO 27001 and SOC 2 global compliance standards.
We also provide you with a facility to
and connect to our systems via automated computer programmes. Know how Razorpay does .
You can integrate with the Razorpay Payment Gateway in 2 ways:
- (PCI Compliant)
It is critical to ensure the security of your API keys and Dashboard credentials. Ensure that you store these details in safe places and only share them with trusted team members.
Additionally, ensure that a customer's payment information only reaches your servers if you are
certified.
Sensitive Data
On the Razorpay Payment Gateway, all the details entered by a user, like their name, address, and credit/debit card information, are used only to process and complete the order. Razorpay never stores sensitive information like CVV numbers, PINs and so on.
Feature Request
This is an on-demand feature. Reach out to your dedicated support POC to get this feature activated on your account.
All the security obligations for
also apply to Server To Server. Additionally, you must:
- Be compliant with standards at all times.
- Share your PCI AOC (Attestation of Compliance) before every year's expiration date for continued access to this integration method.
You are responsible for any misuse that results from not handling your keys or Dashboard credentials securely. We have an intuitive
to review the security posture and help you interact with us securely.