PCI Compliance
To keep cardholder data secure, the major payment card brands (Visa, MasterCard, American Express, Discover and JCB) formed an independent body known as the PCI SSC to formulate a set of regulations.
These regulations, known as the Payment Card Industry Data Security Standard (PCI DSS) are a set of security standards designed to ensure that all companies that accept, process, store or transmit card information do so in a secure way and in a secure environment.
Who does PCI DSS apply to?
The PCI DSS applies to any organisation, irrespective of the size or the number of transactions it processes.
How are PCI DSS regulations satisfied?
To satisfy the requirements of the PCI DSS a merchant must ensure that any card transactions it is involved with are processed securely and any stored cardholder data is stored securely.
Further, there is a requirement that every year each merchant:
- Completes a self-assessment questionnaire
- Passess a vulnerability scan conducted on any network in which card transactions are carried out
- Completes an attestation of compliance
- Submits the attestation of compliance and vulnerability scan results to their acquirer
Is ShopWired PCI compliant?
The PCI DSS also applies to the ShopWired platform and mandates that we maintain compliance.
ShopWired therefore maintains compliance with the PCI DSS.
Unfortunately, even though you use ShopWired for your website you still need to carry out the requirements of the PCI DSS regulations to maintain compliance - independent of ShopWired.
What to do if you have questions about PCI compliance
Acquirers are responsible for ensuring their processing merchants are compliant with the PCI DSS.
Unfortunately ShopWired support cannot assist you with PCI compliance questions or matters, you will need to contact your acquiring bank (payment gateway/merchant account provider) for assistance.
Vulnerability scans
In the unlikely event that you run a vulnerability scan on your website and it fails, you can send this to us for assistance.
Please ensure that your vulnerability scan has been conducted on your ShopWired website and not on your own internet network (which you may also need to scan separately) before passing it to us.