The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Bold Subscriptions V1 is PCI compliant, uses industry-leading encryption techniques, and processes all personal information securely.
All supported payment gateways in Bold Subscriptions V1 are also required to be PCI compliant as well; As this is where the credit card information is processed and stored for you and your customers.
Stripe is the recommended payment gateway for use with Bold Subscriptions V1. Visit Security at Stripe for more details.
Alert
Please note that this article only relates to Version 1 of Bold Subscriptions. If you have Version 2 of Bold Subscriptions installed on your store, please visit Subscriptions V2 Overview.
If you are unsure of which version of Bold Subscriptions that you have currently installed, please visit Identify Your Version of Bold Subscriptions.
PCI Standards
There are six main categories to be considered compliant; these are all met by the Supported Payment Gateways in Bold Subscriptions V1:
- Build and Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
In addition to this, Bold Subscriptions V1 must adhere to a subset of the PCI Data Security Standards and has implemented controls in relation to the following (where applicable):
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Identify and authenticate access to system components.
- Restrict physical access to cardholder data
- Maintain a policy that addresses information security for all personnel
With Subscriptions and one of the Supported Payment Gateways in Bold Subscriptions V1 together you can be assured that you are adequately protected with industry-leading PCI compliance and security standards.