Overview
Afterpay takes care of PCI compliance for your business
Afterpay complies with the Payment Card Industry Data Security Standard (PCI DSS) on your behalf.
We’re a certified PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we use the best-in-class security tools and practices to maintain a high level of security at Afterpay.
What is PCI DSS compliance?
The Payment Card Industry Data Security Standard (PCI DSS) refers to payment security standards that ensure all sellers safely and securely accept, store, process, and transmit cardholder data (also known as your customers’ credit card information) during a credit card transaction.
Any merchant with a merchant ID that accepts payment cards must follow these PCI-compliance regulations to protect against data breaches. The requirements range from establishing data security policies for your business and employees to removing card data from your processing system and payment terminals.
“Cardholder” or payment data covers information such as the full primary account number (PAN), the cardholder’s name, and the credit card service code and expiration date.
While PCI compliance is not a law, that doesn’t mean being out of compliance isn’t a big deal. In fact, a 2015 Verizon Data Breach Incident Report found that there were almost 80,000 data security incidents this year. So it’s more important than ever that your payment processing life cycle is secure.
What are the consequences for noncompliance?
If your business does not comply with PCI standards, you could be at risk for data breaches, fines, card replacement costs, costly forensic audits and investigations into your business, brand damage, and more if a breach occurs.
We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support.
PCI compliance is a shared responsibility and applies to both Afterpay and your business. When accepting payments, you must do so in a PCI compliant manner.
Updated over 1 year ago