# Security and Compliance

Zoho Payments follows strict security and compliance protocols to protect sensitive customer data and ensure secure transactions. It adheres to industry standards and certifications, creating a trusted environment for handling payment information. These comprehensive measures ensure safety and reliability for both merchants and customers.

* [Compliance](#compliance)
* [Security for Merchants](#security-for-merchants)
* [Security for Customers](#security-for-customers)

* * *

## Compliance

### PCI DSS Compliance

Zoho Payments is [PCI DSS Level 1](https://www.ampcuscyber.com/certificate/zoho-corporation-pci-dss-v4-coc.pdf "pci-dss") certified, ensuring that cardholder data is processed, stored, and transmitted securely, keeping your business compliant with global security standards.

### ISO 27001:2022 Compliance

Zoho Payments is ISO 27001:2022 certified, following globally recognised practices to manage and protect information security across the organisation, as well as to securely manage customer data and ensure reliable information security practices.

* * *

## Security

### Security for Merchants

Zoho Payments has implemented the following security measures for merchants.

#### Secure Network Connections

All communications from Zoho Payments are secured using HTTPS with TLS 1.3 (Transport Layer Security) encryption, ensuring that data transmitted via the website, dashboard, widget, APIs, and webhooks remains secure. This prevents unauthorised access and keeps your transaction data safe during transmission.

#### Multi-Factor Authentication

To keep your Zoho Payments account secure, Multi-Factor Authentication (MFA) is mandatory when creating your account. This extra layer of security helps protect your account by ensuring only you can access it.

#### Re-authentication for Sensitive Actions

For critical actions such as API key generation or updating account details, business profile, owner, representative details, and bank account, Zoho Payments requires additional authentication to prevent unauthorised changes.

#### Role-Based Access Control

The account owner or admin can assign role-based access to different users within your organisation. This ensures that employees only have access to the modules and data necessary for their role, minimising security risks.

* * *

### Security for Customers

Zoho Payments has implemented security measures to protect customer data and ensure secure transactions.

#### Secure Network Connections

Zoho Payments requires HTTPS connections for all customer interactions, ensuring that data transmitted over the internet is secured with TLS 1.3 encryption.

#### Payload Encryption

Zoho Payments employs payload encryption for APIs within the checkout widget, ensuring that customer payment data is encrypted before transmission.