We capture card details inside a Paytia-hosted iframe, served directly from our PCI DSS Level 1 environment. Your website never handles the raw card data — it goes straight from our iframe to your payment gateway. That keeps your servers completely out of PCI scope.
Card data never touches your servers
1. Configure your payment form: Set up branding, fields, and gateway in the portal
2. Customer enters card details: Secure Paytia iframe captures data on your site
3. Payment processes securely: Direct to gateway with instant confirmation
Card data goes from our iframe straight to your gateway. Your servers don't see it, store it, or transmit it. That's the whole point.
The card entry fields are hosted inside a Paytia iframe — served directly from our PCI DSS Level 1 environment. Your web server only ever sees a transaction reference. It doesn't handle, store, or even see the raw card numbers.
We're a certified PCI DSS Level 1 service provider — the highest level there is. That certification covers the entire card capture and processing flow, which means your PCI scope shrinks dramatically. No more expensive annual audits just for taking card payments on your website.
3D Secure authentication, address verification (AVS), CVV checks, and velocity monitoring are all included. We flag suspicious patterns in real time and block high-risk transactions before they complete — without adding friction for genuine customers.
We don't lock you into a Paytia payment gateway. We work with Stripe, Barclaycard, Adyen, Worldpay, and other major processors. If you've already got a gateway relationship you're happy with, we slot in alongside it.
The payment form sits on your page and can be styled to match your brand. From the customer's perspective it's part of your checkout. Behind the scenes, the sensitive fields are served from Paytia's secure environment — completely invisible to your server.
Returning customers don't need to re-enter their card details. We store a secure token — not the card number — so they can pay again in seconds. Works for subscriptions, payment plans, or any repeat purchase model.
There are plenty of payment providers. Here's what's specific to how we do things.
We're certified at Level 1, which covers the highest volumes and the most rigorous security controls. You benefit from that certification without having to achieve it yourself.
Because card data flows from our iframe straight to the gateway, your web servers don't touch it. That takes a large chunk of PCI scope off your plate — fewer controls to implement, fewer boxes to tick at audit time.
We work with most major UK and international payment gateways. If you switch processors down the line, you don't have to switch your whole payment integration — just reconfigure the gateway connection in the Paytia portal.
Drop in an iframe embed, redirect to a hosted payment page, or call our API directly. You pick the approach that fits your stack. Most teams are processing test payments within a day.
3D Secure, AVS, CVV checking, and velocity limits come as standard. We don't charge extra for fraud protection features that should be baseline in any payment product.
Paytia isn't trying to be your CRM, your helpdesk, and your payment provider all in one. We do secure payments — phone and web — and we focus on doing that well for businesses that take compliance seriously.
We support 3DS2, which adds an authentication step for high-risk transactions while letting low-risk payments through without interruption. That means fewer chargebacks for you and a better experience for your customers.
You control what the payment form asks for — order references, customer IDs, custom fields. The form can be styled to match your colour scheme and fonts so it doesn't look bolted on.
See every transaction as it happens: status, amount, gateway response, and any flags raised. You can filter by date, status, or customer reference — no waiting for end-of-day reports.
We send payment status updates to your backend the moment a transaction completes, fails, or is refunded. Plug straight into your order management or CRM system without polling our API.
In the Paytia portal, set up your payment form with your branding, fields, and payment gateway. Paytia generates an embed code you can paste into your website.
The customer enters their card number, expiry, and CVV in the embedded form on your site. The form is hosted in a secure Paytia iframe so card data never touches your servers.
Card details are sent directly from the Paytia iframe to your payment gateway. The customer sees instant confirmation. You receive a notification and the transaction appears in your dashboard.
Three ways to integrate — pick whichever fits your stack. All three keep card data out of your servers and inside our PCI DSS Level 1 environment.
Paste a snippet of code into your website and the payment form appears in place. It looks like your checkout — the card fields are served from our environment. Your servers don't see the card data.
We host a fully branded payment page you can link or redirect to. No development work needed — set it up in the Paytia portal and it's ready. Good for email invoicing or quick deployments.
Full programmatic control over the payment flow. Trigger payment sessions, retrieve transaction data, and handle webhooks directly from your backend. Full API docs included.
We'll show you exactly how the iframe capture works, walk through the integration options, and answer your PCI scope questions. No sales pitch, just the specifics.
Used by British American Tobacco · Howard Kennedy · CITB · Clinical Partners · Trinity Hall College
Since 2016: Building secure payments
PCI DSS Level 1: Highest certification
99.99%: Platform uptime
£40M+: Transactions processed
Other ways to take payments in this channel.
Send secure branded payment links by email, SMS, or chat. Expire them any time.
Branded links with 4-digit security codes and a unified agent interface.
Fully branded Stripe-backed checkout pages with custom fields and payment rules.