PCI DSS (the Payment Card Industry Data Security Standard) is the global security standard for all entities that store, process, or transmit cardholder data and/or sensitive authentication data. It sets a baseline level of protection for consumers and helps reduce fraud and data breaches across the entire payment ecosystem. It applies to any organization that accepts or processes payment cards, regardless of size or transaction volume.
PCI DSS compliance involves three main things:
- Handling the ingress of credit card data from customers: sensitive card details must be collected and transmitted securely, so that they are never exposed in transit or captured by systems that should not see them.
- Protecting stored cardholder data and the systems around it, following the 12 PCI DSS requirements, which cover areas such as encryption, restricting access to card data, ongoing monitoring, and regular security testing.
- Validating annually that the required security controls are in place. Depending on how cards are accepted and how many transactions are processed, this can involve a Self-Assessment Questionnaire (SAQ), external vulnerability scans, and third-party audits.
If you're using our integrated credit card processor, Stripe, they will help you achieve and maintain PCI compliance for your organization.
Stripe Checkout and Stripe Elements (used for Shelterluv Text-to-Checkout and the 'Customer Has No Phone' option) use a hosted payment field for handling all payment card data. The cardholder enters all sensitive payment information in a payment field that is served directly from Stripe's PCI DSS validated servers, so the card number is sent from the cardholder's browser straight to Stripe and never passes through Shelterluv's systems. Keep it that way: never write down, email, or type a card number into any other field (such as notes) to work around a payment problem, since that would pull the data back into your compliance scope.
With safer card acceptance methods like these, Stripe will populate the PCI form (SAQ) in the Stripe Dashboard, making PCI validation as easy as clicking a button. For smaller organizations this can save hundreds of hours of work; for larger ones it can save thousands.
Stripe acts as a PCI advocate and can help in a few different ways:
- Stripe will analyze your integration method and advise you on which PCI form to use and how to reduce your compliance burden.
- Stripe will notify you ahead of time if a growing transaction volume will require a change in how you validate compliance.
For more information, please contact Stripe support at support.stripe.com