The Hydrogen Debit offering is PCI DSS compliant. All Hydrogen Debit no-codes applications have been certified PCI compliant by the network and bank sponsor. This means that our clients do not need to have any PCI compliance to use the platform!
If you require users to view their full card PAN and CVV code, such as when they need a virtual card for online purchases, please embed our "Card Image" Web Component or WebView, which is also included in our white label app. All data shown to the user is trafficked through a PCI compliant server.
Our APIs only will return the card mask (last 4) and expiry date, NOT the full card PAN and CVV security code. Both of these data points would put you in PCI scope. The vast majority of use cases will not require this data. We highly recommend that you do not add PCI scope to your app, unless it's absolutely necessary for your use case, or you already are certified. Please consult with your account manager for best practices if you are unsure.
We do have an API endpoint that can be exposed with extra permissions, which will return the full card PAN and CVV, but this requires an additional legal review of your PCI certification and all systems used to access the data. This feature is only available for Custom debit programs.