Receiving Card Data From Spreedly on Behalf of Your Customer

If you’re on this page it’s likely that we have a mutual customer that wishes to use Spreedly to send credit card data to your API through what we call Payment Method Distribution. Because this involves the transfer of sensitive and protected cardholder data, we have to verify our integration before enabling this for our mutual customer. We only need a few things from you before we can proceed.

What is Payment Method Distribution (PMD)?

One benefit of Spreedly is that we reduce the PCI compliance scope of our customers by allowing them to integrate with gateways and other third parties (such as your API) without ever touching or knowing the actual credit card number.

Payment Method Distribution is the process by which a customer tells Spreedly to initiate a call to your API and to include credit card data that is securely stored and tokenized within Spreedly’s vault. We then act as a proxy that adds in sensitive cardholder data before passing along the customer’s API request to you.

However, in compliance with our own PCI Level 1 certification, before we can pass along sensitive data on the customer’s behalf we have to ensure your API is also PCI compliant itself.

Illustration affiliates color

What we need from you

To verify your level of PCI compliance and enable a PMD integration with Spreedly for your customer, please send the following to (if you’re not familiar with some of these terms you can see examples of Spreedly’s AOC and ASV Scan Report here):

  • Attestation of compliance (AOC) or applicable SAQ for your business; and
  • A current ASV Scan Report Attestation of Scan Compliance
  • Your API’s technical integration documentation, including its production URL

After receiving this information, it usually only takes a week or two for your customer to begin transacting against your API with real cardholder data.

Can my other customers use PMD too?

Yes! After the initial PMD integration has been approved, any of your other customers will be able to immediately send protected card data to your API without exposing themselves to the rigors of PCI compliance. Feel free to point other clients to us if you think we can help. Or contact sales if you have additional questions.

About Spreedly

Spreedly is a payment platform designed to help merchants and services work with a wide variety of payment options. FinTech startups, SaaS platforms and Metasearch services all rely on Spreedly to help them more effectively manage payments.

We securely tokenize credit cards and offer our customers the ability to vault card data in their own cloud-based independent vault. Those cards can then be used by customers across multiple payment endpoints ranging from payment gateways like PayPal or Stripe to vertical APIs like Sabre or Ticket Master.