- 03 May 2023
- 1 Minute to read
- Updated on 03 May 2023
- 1 Minute to read
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
Processing, transmitting, and storing credit card data requires an organization to be in compliance with the PCI Data Security Standards (PCI DSS). PCI compliance decreases the footprint of where a Cardholder's data is located throughout an organization.
Stripe makes it easy to be in compliance. Using the Payments app with the Virtual Terminal or PayLink features reduces your PCI compliance scope even more. Your next step is to take a PCI DSS Self-Assessment Questionnaire to become fully PCI compliant.
If you do seek complete PCI compliance, we recommend hiring a PCI compliance auditor to audit your practices. The information here is for guideline purposes only and is not to be used as legal advice.
Blackthorn | Payments
Salesforce has stringent security standards and Stripe is PCI Level 1 Service Provider - the most stringent level of certification available in the payments industry. To help maintain compliance, Blackthorn Payments does not store card or ACH details, it only stores the Card ID, which is a unique ID generated by Stripe.
Blackthorn Payments also complies with Stripe's usage requirements of utilizing TLS (Transport Layer Security) with either Checkout or Stripe.js. Click here for additional information.
If you need to provide someone else with an Attestation of Compliance (AOC), and/or you are asked to fill in a PCI DSS Self-Assessment Questionnaire (SAQ), then Stripe will already have you covered! Just go to your Stripe security settings and click on “View completed document”. They will have pre-filled the documents for you.