PCI compliance
To keep cardholder data secure, the major payment card brands (Visa, MasterCard, American Express, Discover, and JCB) formed an independent body known as the PCI SSC to formulate a set of regulations.
These regulations, known as the Payment Card Industry Data Security Standard (PCI DSS), are a set of security standards designed to ensure that all companies that accept, process, store, or transmit card information do so in a secure way and in a secure environment.
How are PCI DSS regulations satisfied?
To satisfy the requirements of the PCI DSS, a merchant must ensure that any card transactions it is involved with are processed securely and any stored cardholder data is stored securely.
Further, there is a requirement that every year each merchant:
- Completes a self-assessment questionnaire
- Passes a vulnerability scan conducted on any network in which card transactions are carried out
- Completes an attestation of compliance
- Submits the attestation of compliance and vulnerability scan results to their acquirer
Is ShopWired PCI compliant?
Yes. The PCI DSS also applies to the ShopWired platform and mandates that ShopWired maintains compliance.
If you require a copy of our PCI DSS compliance, contact support.
ShopWired does not provide copies or the results of the vulnerability scans or penetration tests that we complete.
ShopWired Payments
- ShopWired Payments is designed as an integrated payment solution, and all card transactions are processed within ShopWired
- All technical and security responsibilities are managed by ShopWired and ShopWired Payments
- ShopWired Payments therefore assumes the responsibility for PCI compliance for merchants using its payment solution
- All merchants using ShopWired Payments are automatically PCI compliant with respect to their use of ShopWired Payments and do not need to take any further action
- There is no requirement to complete a self-assessment questionnaire
- There is no requirement to complete an attestation of compliance
- There is no requirement to complete a vulnerability scan
Vulnerability scans
If you need to conduct a PCI DSS vulnerability scan on your ShopWired website, you must provide ShopWired support with the IP address(es) that the scanning tool will use.
This is necessary so that ShopWired can whitelist these IP addresses to prevent them from being blocked by the security system. When providing the IP address(es):
- IP addresses will be added within 2 working days of your request
- Once the IP addresses have been confirmed as being added, you will have 6 days (144 hours) to complete the scan
- When using a scanning tool to scan ShopWired for PCI compliance, please ensure that you are scanning your website address, not ShopWired's IP addresses
The web server stopped responding
If your PCI scan reports an issue such as "the web server stopped responding," it is likely that ShopWired’s security system blocked requests made by your scanning tool. In such cases, you will need to perform a rescan after asking ShopWired to whitelist the IP address(es) of the scanning tool.
ShopWired support and PCI related questions
ShopWired support can:
- Answer questions about how ShopWired and ShopWired Payments are PCI compliant
- Provide ShopWired's and ShopWired Payments' Attestation of Compliance documentation
- Assist in whitelisting the IP addresses of your scanning tool so a scan can be completed
ShopWired support cannot:
- Answer general questions about PCI compliance except where you are using ShopWired Payments
- Help you to complete a PCI compliance questionnaire
- Explain the results of a PCI scan
Responsibility for assisting you with your own PCI compliance lies with your payment gateway. You should speak to your payment gateway for support about all aspects of PCI compliance.