Since HiConversion doesn’t process, store, or transmit credit card information, most of the compliance requirements are mitigated.
HiConversion is, however, often used on checkout funnel pages where visitors are asked to enter their credit card details. Although HiConversion doesn’t transmit or process data, this is a touchpoint with your visitors’ data. Generally, any system that could potentially be used to get to your visitors’ credit card data is within scope of PCI DSS and, therefore, must adhere to the strict rules the payment industry enforces to protect cardholder’s sensitive information.
There are two options for using HiConversion in compliance with PCI DSS.
Option 1: Forgo placing HiConversion’s tag on the page where visitors enter their payment information. Deploy HiConversion’s tag on all other pages, instead. This way, there will be no impact on your PCI DSS compliance.
Option 2: Embed a Credit Card form field through an iFrame to remove HiConversion from the scope of PCI DSS compliance completely. Or redirect users to a payment page hosted by your payment processor. This is what many popular payment processors like Stripe, Paypal or Adyen do.
This way, HiConversion’s code can’t access these fields because it’s shielded from our snippet. On the downside, you also won’t be able to change these fields and optimize them without actually making a separate version of this form available.