Our systems are PCI DSS compliant and US/EU Safe Harbor certified, and our PCI-DSS compliance is validated by Trustwave.
It’s Your Data – We Keep it Secure
You own all data associated with your account, including transactions and customer records. We provide the service and maintain the integrity of your data. We never purge records during the life of your account. You may export all or part of your data at any time in a variety of portable formats, including XML, CSV and MS Excel®.
We run automatic encrypted backups to ensure your online data is safe and protected.
We host and maintain your back-office application, and take care of future patches and updates for you.
We constantly improve our features, provide free updates, and regularly add new features at no extra charge.
Enable Two-Factor Authentication for added security.
Remote Vulnerability Scanning
Checkfront undergoes regular PCI Compliance scans to ensure we are PCI-DSS compliant. These scans check for known vulnerabilities and common security holes in server configurations. They are performed by our security compliance provider, Trustwave.
Fast, High-Availability Hosting
To deliver maximum reliability and performance, Checkfront operates on a distributed network with data centers in five geographically diverse locations, including the United States, United Kingdom and Asia. Our data centers are high-speed, redundantly powered state-of-the-art facilities.
- Google Inc. – Cloud Services Platform
- ZenDesk – Cloud Based Customer Support Services
- Postmark – Cloud Based Email Notification
- Sparkpost – Cloud Based Email Notification
- Pendo.io – Third party analytics provider
- Full Story – Cloud Based Visual Behaviour tracking
Checkfront is PCI DSS compliant. This compliance extends to all accounts powered by Checkfront and transactions that are processed through our system.
The PCI Data Security Standard (PCI DSS) was created by the major credit card companies to ensure the adoption of consistent security measures by all merchants.
There are six categories of PCI standards that must be met in order for a merchant to be deemed compliant:
- Maintain a Secure Network
- Maintain a Vulnerability Management Program
- Regularly Monitor and Test Networks
- Protect Cardholder Data
- Implement Strong Access Control Measures
- Maintain an Information Security Policy
Checkfront does not store cardholder data on premises but relies entirely on third-party payment gateways to handle these functions. Our third-party service providers handle payment processing and storage of cardholder data. All third-party processors supported by Checkfront are PCI DSS certified.
* Note that your merchant bank may have additional PCI compliance requirements. Software as a Service applications, such as Checkfront, are considered service providers. PCI compliance is confirmed only for accounts that utilize a compatible payment gateway.
Please see Data Protection, Ownership & Confidentiality in our Terms of Service, or contact us for information on our PCI policy and compliance.