How does PAYMILL’s PayFrame solution work?

This page provides more details on how PAYMILL’s PayFrame solution works. It is intended to help you better evaluate its functionality and potentially answer questions related to the PCI DSS on your own. We recommend however that you discuss any specific questions about your website with your technical website manager or shop system provider. Specific questions about the PCI DSS can be answered by the contact person at our partner banks — the relevant contact addresses can be found on the previous page.


1. Will my shop receive credit card data if I use the current PAYMILL gateway?

No, each customer’s credit card data is sent directly from the customer’s browsers to our PCI-certified solution.


2. Is it possible for me to use the PAYMILL gateway or the Merchant Center to see the complete credit card data from my customer, such as through invoicing documents, receipts or other files?

No, for security reasons the credit card number is only transmitted in a masked form.


3. PAYMILL is PCI DSS-certified. Does this mean my online shop is being operated by a PCI DSS-certified service provider?

No. Thanks to PAYMILL, your customers’ sensitive credit card data is protected and does not come in contact with your Webshop. This applies only to the payment solution, not the operation of your overall website. Some shop systems and e-commerce software solutions such as Shopify are PCI DSS-certified, with PAYMILL integrated. This means that both payment solution and operation of the website are protected. If you have questions, please contact your technical manager or website service provider.


4. My online shop is operated and hosted using a shop system / e-commerce software such as Shopify or LemonStand. Does this impact my PCI DSS self-disclosure?

For these providers, PAYMILL is directly integrated as a payment solution, meaning that retailers have no direct influence on the technology behind the Webshop. For more information, please visit:




5. Does PAYMILL provide a payment page?

Yes, our current bridge and API provide you with a payment page hosted by PAYMILL that can be integrated directly into your checkout. This ensures that your shop will not receive, process or forward any credit card data. If you are using our previous bridge, which is also functional, then this does not count as a payment page, since you can create your payment form on your own.


6. To use PAYMILL, do files from my Webshop have to be used in the Payment Page, such as images and CSS files?

That depends on your requirements. If you want to integrate PAYMILL directly and use the PayFrame, then all elements come from the PAYMILL servers and you have no influence on this. In exchange, you’ll fulfill the requirements to be eligible for SAQ A. If you want to design your own credit card payment form and can accept the conditions of the SAQ A-EP, then you can use the bridge without the PayFrame.


7. Where and how does PAYMILL confirm the secure handling of my data and my customers’ credit card data?

These points are established in our General Terms and Conditions (Section 5 and 10) and Privacy Policy declaration.


8. Where can I find information about PAYMILL’s compliance with the PCI data security standard?

This information can be found here.