Security and PCI compliance FAQ
Recharge uses industry-standard encryption techniques and stores all personally identifying information in a secure manner. In addition, Recharge stores all credit card information with a third-party PCI compliant credit card vault.
Sections
- What is PCI compliance?
- Is Recharge PCI compliant?
- Can Recharge get hacked and leak credit card numbers?
- Does Recharge use encryption?
What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit card and debit card information. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around credit card data to reduce credit card fraud via its exposure. If you want to sell online and accept payments from Visa, MasterCard, American Express or Discover credit cards, your software and hosting needs to be PCI compliant.
There are six categories of PCI standards that must be met in order for a merchant to be deemed compliant:
- Maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Is Recharge PCI compliant?
Yes, Recharge uses a third-party credit card vault which is a Level 1 Service Provider. This is the highest level of PCI DSS compliance. To read more about this, visit Spreedly's article on PCI Compliance.
You can also refer to Spreedly's PCI compliance documents, which includes the Attestation of Compliance and the ASV Scan Report Attestation of Compliance.
Can Recharge get hacked and leak credit card numbers?
Recharge does not store credit cards. Recharge uses a secure third-party credit card vaulting service that is fully PCI-compliant. To learn more, visit PCI.
Does Recharge use encryption?
Yes, all checkout processes and customer actions (such as modifying subscriptions) occur over an industry-standard SSL connection.