PCI DSS in a nutshell
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.
Although the PCI DSS must be implemented by all entities that process, store or transmit cardholder data, formal validation of PCI DSS compliance is not mandatory for all entities. Smaller merchants and service providers are not required to explicitly validate compliance with each of the controls prescribed by the PCI DSS although these organizations must still implement all controls in order to maintain safe harbor and avoid potential liability in the event of fraud associated with theft of cardholder data.
Probably the safest online store compliance design around
SeoToaster has been designed to limit security breach potential and payload. As a result, when powered by SeoToaster and one of our approved payment plug-in, your customer credit card information is never stored by your online store database. Instead, your customer's credit card information is sent directly from their own computer web browser (encrypted over SSL if you purchased and installed a certificate on your website) over to the payment processing gateway via the checkout plug-in.
These plug-ins are encrypted to avoid tempering, and use the merchant processing gateway's own API to transmit the credit card information for processing. You only get the transaction status in your back-office, and obviously all the information necessary for you to process the customer's order. If you need to access credit card details information, please refer to your processing gateway website.
Take away
We do not store any of your sensitive payment information on our servers; it stays at
PayPal, Authorize.net, Eway and other gateway providers, who are PCI Compliant. Even though we
don't store any sensitive data in your install of SeoToaster, we take security seriously.
