Latin America Payment & Fintech 2026Updated

List of PCI DSS Compliant Payment Gateway Providers in Latin America

Directory of payment gateway providers operating across Latin America with verified PCI DSS certification, covering local acquirers, cross-border processors, and regional fintech platforms with support for cards, PIX, OXXO, boleto, and 300+ local payment methods.

Available Data Fields

Provider Name

PCI DSS Compliance Level

Headquarters

Countries Covered

Supported Payment Methods

Processing Model

Local Acquiring Capability

API Integration Type

Settlement Currencies

Fraud Prevention Tools

3D Secure Support

Certification Assessor (QSA)

Data Preview

* Full data requires registration

Provider Name	PCI DSS Level	Headquarters	Countries
EBANX	Level 1	Curitiba, Brazil	Brazil, Mexico, Colombia, Argentina, Chile, Peru + 9 more
dLocal	Level 1	Montevideo, Uruguay	Brazil, Mexico, Colombia, Chile, Peru, Argentina + 34 more
Kushki	Level 1	Quito, Ecuador	Chile, Colombia, Ecuador, Mexico, Peru
PayU Latam	Level 1	Bogotá, Colombia	Colombia, Argentina, Brazil, Chile, Mexico, Panama, Peru
Mercado Pago	Level 1	Buenos Aires, Argentina	Argentina, Brazil, Chile, Colombia, Mexico, Peru, Uruguay, Venezuela

100+ records available for download.

* Continue from free preview

PCI DSS Compliant Payment Infrastructure Across Latin America

Latin America's digital payments market has matured rapidly, but navigating PCI DSS compliance across 20+ jurisdictions remains a core challenge for fintechs and enterprises expanding into the region. With PCI DSS v4.0.1 now fully enforced as of 2025, the compliance bar for payment processors has risen significantly — requiring automated log monitoring, expanded multi-factor authentication, targeted risk analysis, and tighter script controls on payment pages.

Regional vs. Cross-Border Processors

The LATAM payment gateway landscape splits into two categories:

Regional Native Acquirers: Companies like Kushki (Ecuador), Conekta (Mexico), and PagSeguro (Brazil) operate as licensed acquirers in their home markets, offering direct card processing with local BINs and domestic settlement. These providers typically deliver higher authorization rates for in-country transactions.
Cross-Border Orchestrators: EBANX, dLocal, and PayU Latam aggregate multiple local acquiring relationships under a single API, enabling merchants to process across Brazil, Mexico, Colombia, Argentina, Chile, Peru, and beyond without establishing local entities in each market.

PCI DSS v4.0.1: What Changed

The 2025 enforcement deadline brought several requirements that directly impact gateway selection:

Requirement	Impact on Gateway Selection
Targeted Risk Analysis (12.3.1)	Gateways must document risk-based justification for all security controls
Automated Log Review (10.4.1.1)	Manual log review no longer acceptable — look for SIEM integration
Script Management (6.4.3)	All payment page scripts must be inventoried and integrity-verified
Enhanced MFA (8.4.2)	MFA required for all access to cardholder data environments

Local Payment Method Coverage

PCI DSS certification covers card data handling, but LATAM success depends heavily on supporting local alternative payment methods (APMs). The leading gateways in this dataset support methods including:

Brazil: PIX (instant), Boleto Bancário, local credit cards (Elo, Hipercard)
Mexico: OXXO (cash voucher), SPEI (bank transfer), CoDi
Colombia: PSE (bank transfer), Nequi, Efecty
Argentina: Rapipago, Pago Fácil, Mercado Pago
Chile: Servipag, Webpay (Transbank)

Compliance Verification

All providers in this dataset have been cross-referenced against the Visa Global Registry of Service Providers and Mastercard's Compliant Service Provider List. PCI DSS compliance level (1 through 4) is determined by annual transaction volume — Level 1 providers process over 6 million Visa/Mastercard transactions per year and undergo annual on-site assessments by a Qualified Security Assessor (QSA).

Frequently Asked Questions

Q.How is PCI DSS compliance level determined for each provider?

Compliance level is based on annual transaction volume. Level 1 applies to providers processing over 6 million Visa or Mastercard transactions per year and requires an annual on-site assessment by a Qualified Security Assessor (QSA). Levels 2–4 apply to lower volumes with less rigorous validation requirements.

Q.Does this dataset include providers with local acquiring licenses or only cross-border processors?

Both. The dataset covers locally licensed acquirers (such as Kushki in Ecuador and Conekta in Mexico) as well as cross-border orchestration platforms (like EBANX and dLocal) that aggregate multiple local acquiring relationships under a single integration.

Q.How current is the PCI DSS certification data?

When you request this data, our AI crawls current public sources including the Visa Global Registry of Service Providers and Mastercard Compliant Service Provider lists. Certification status reflects what is publicly available at the time of your request, not a static snapshot.

Q.Are alternative payment methods like PIX and OXXO included in the data?

Yes. Beyond card processing capabilities, each provider entry includes supported local payment methods such as PIX and Boleto in Brazil, OXXO and SPEI in Mexico, PSE in Colombia, and other country-specific methods.

Q.Can I filter by specific countries within Latin America?

Yes. You can specify target countries (e.g., only Brazil and Mexico, or all of Central America) and the dataset will be filtered to providers with verified operations in those markets.