The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines that regulates all organizations that handle credit cards. Any merchant processing credit card transactions must comply with the standard, which helps prevent fraud and increase security.
Checkfront has now upgraded to PCI 3.1 SAQ D compliance.
Checkfront users are safe to conduct their transactions using our app, because we are fully PCI 3.1 SAQ D compliant. This extends to all Checkfront accounts and the transactions processed through our system.
How does Checkfront protect me?
The PCI standard outlines six major categories of rules, which must be met by a merchant in order to be compliant:
- Maintain a secure network, which we do via our TLS/SSL certificates
- Maintain a vulnerability management program
- Regularly monitor and test networks
- Implement strong access control measures
- Maintain an information security policy (https://www.checkfront.com/security)
- Protect cardholder data
Checkfront does not store credit card data; all transactions are done through secure third-party payment gateways. All gateways that can be used with Checkfront are PCI DSS certified.
What has changed?
PCI DSS has been updated to version 3.1, whose primary change is that weak encryption protocols (such as SSL 3 and TLS 1.0) are no longer allowed as a security control. The TLS 1.0 protocol has been affected by several vulnerabilities and has been widely discarded (the current version is 1.2). As a result, any business or website which handles credit card details will be phasing out TLS 1.0 from its servers, and this includes Checkfront. While you are not currently vulnerable to any attacks, this will help to ensure that your communications remain secure. We will be phasing out TLS 1.0 in January 2016.
How does this affect me?
In most cases, there will be little to no impact on your business directly, unless you are using the Checkfront API in a complex integration. No action should be required on your part. For customers using modern browsers and devices, there will be no discernible change; however, many older browsers are inherently insecure, and customers who use those archaic browsers may have some difficulty viewing a secure page unless they upgrade. If a customer is using Windows XP or Vista combined with Internet Explorer, or the default browser on Android 4.3 or earlier, it is highly recommended that they update to a modern browser like Firefox or Chrome.