We Are PCI Compliant
AdVantShop.NET adheres to the most rigorous online security standards of PCI DSS to keep your and your clients' data safe.
What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is an information security standard, developed by VISA and MasterCard payment systems. It is a set of requirements, which an online store that accepts card payments, has to meet.
PCI DSS certification
PCI DSS requirements are applicable to all the companies which accept VISA and MasterCard card payments, that is why if you accept such payments in your AdVantShop.NET-based store, you need to know when you must be PCI DSS certified.
If you use AdVantShop.NET shopping cart and handle card payments via a processing center, no penalties such as fines will be imposed on you by VISA and MasterCard payment systems.
- If your online store does not handle cardholder data, that is if customers leave your website for a payment gateway server to enter cardholder data. In this case it is the payment gateway that needs to be PCI DSS certified, not your site.
- If you do not accept card payments in your store.
- If your website (or another resource that belongs to your company) requires customers to enter cardholder data or otherwise stores, handles or transmits cardholder data.
In this case you must be PCI DSS validated. Certification is carried out by audit companies - QSAs (Qualfied Security Assessor). This option is suitable for those who are ready to pay extra for a certificate and a lengthy validation process.
Today the simplest and safest method of accepting card payments is using a processing center. In this case cardholder data is requested not within your online store, but on a special page of a payment system website.
When you are using special modules, customers are requested to enter cardholder data on a special page of a payment gateway website, not in your online store. Since cardholder data is handled by the payment gateway, it is that gateway that must undergo PCI validation, not your online store.
Certification is required for your store only if your website handles cardholder data.
AdVantShop.NET shopping cart has built in functionality for connecting to processing centers that provide cardholder data safety.