Here you can find security information about our e-commerce platform, Shopify, and about our two credit card gateways, Authorize.net and PayPal.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit card and debit card information. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around credit card data to reduce credit card fraud via its exposure. If you want to sell online and accept payments from Visa, MasterCard, American Express or Discover credit cards, your software and hosting needs to be PCI compliant.
There are six categories of PCI standards that must be met in order for a merchant to be deemed compliant:
Yes, Shopify is certified Level 1 PCI DSS compliant. This compliance extends to all online stores powered by Shopify.
We are very serious about securely hosting your online store and have invested significant time and money to certify our solution is PCI compliant. From annual on-site assessments validating compliance to continuous risk management, we work really hard to ensure our shopping cart software and ecommerce hosting is secure.
All Shopify online stores are automatically PCI compliant. When you choose Shopify to power your online store, you can rest easy knowing that we invested significant time and money to obtain our Level 1 PCI certification and that our certification covers your online store, its shopping cart and web hosting.
For additional information on PCI Compliance, visit the PCI Compliance Guide website.
Authorize.Net is committed to safeguarding customer information and combating fraud. We operate with a mission to provide the most secure and reliable payment solutions for you and your customers.
To accomplish this, Authorize.Net dedicates significant resources toward a strong infrastructure, and adheres to both strict internal security policies and industry security initiatives.
With Authorize.Net, your customers can be confident their data is secure. We utilize industry-leading technologies and protocols, such as 128-bit Secure Sockets Layer (SSL) and we are compliant with a number of government and industry security initiatives.Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures. Each year we renew our PCI DSS compliance. To confirm our PCI compliance, please see Visa's list of compliant service providers.
If an eligible item that you’ve purchased online, eBay or otherwise, doesn’t arrive or doesn’t match the seller’s description, we will look into it. If it's discovered that something is wrong, our Purchase Protection will reimburse you for the full purchase price of the item plus shipping costs.
For more information, see user agreement