The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard containing a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions, as well as to protect cardholders against misuse of their personal information.
Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around credit card data to reduce credit card fraud via its exposure.
The PCI DSS specifies and elaborates on six major objectives:
Yes, Business Catalyst is certified Level 1 PCI DSS compliant. This compliance extends to all online shops powered by Business Catalyst.
We take security very seriously and as such we have invested significant effort in making sure Business Catalyst is PCI compliant. We have implemented a large variety of security mechanisms, such as AAA (Authentication, Authorization, and Access Control), attack detection and annihilation mechanisms, encryption of sensitive data, firewalls, anti-virus, etc. All cardholder data specific mechanisms, environments, policies, procedures, etc. have been audited for security compliance by an accredited 3rd party investigator. Moreover, the Business Catalyst code and environments are regularly tested for security holes both manually and using various 3rd party penetration software. A multitude of security standards are considered and followed.
We provide the PCI compliance related documentation upon request. Just file a ticket with our support team from your Partner Portal or your Admin Console by clicking on the Help & Support option (on the top right corner of the screen) and request these documents:
Note: The quarterly scan report will be provided after having received the copy of the bank’s or merchant’s request.
For a quick look at the various security measures and mechanisms we have implemented in order to provide the highest level of security please take a look at the security overview document or download the Business Catalyst security whitepaper.
More details on adobe security standards could be found on the Adobe Security Resources page.