Knowledge BaseSecurity Measures & Privacy Policy

Security Measures & Privacy Policy

Sana Commerce 9.2
Your connector

Select all
Back Next

PCI Compliance

PCI compliance simply means that the shop owner's business meets the requirements established by the Payment Card Industry (PCI) Security Standards Council. The council is run by the five major credit card companies - Visa, MasterCard, Discover, American Express and JCB International - and is responsible for enforcing the PCI Data Security Standards (PCI DSS).

Sana Commerce and PCI compliance

PCI compliance is the responsibility of the shop owner. Sana Commerce helps the shop owner with his or her compliance, as set out below.

Regarding the PCI-DSS requirements: many of the PCI requirements are beyond the scope of Sana Commerce, but fall into the area of business policies/best practices for the shop owner to comply with. You can find the latest requirements here.

How Sana Commerce helps its merchants to be PCI compliant

Sana Commerce makes PCI compliance easier by offering integrated payment gateways that allow shop owners to securely transmit credit card data via either the hosted payment forms provided by the payment gateway, and/or tokenized payment methods that integrate with the shop owner's checkout pages. The payment methods offered by Sana Commerce allow shop owners to offer a seamless checkout.

Sana Commerce keeps sensitive cardholder data outside of the Sana Commerce server: all processing of cardholder data is entirely outsourced to the validated third-party service providers. Sana Commerce does not electronically store, process, or transmit any cardholder data on its systems or premises, but relies entirely on the connected payment provider(s) to handle all these functions.

The advantage of this approach is that this enables updates to Sana Commerce with new features without having to go through PCI compliance re-assessment of the Sana Commerce platform. Given this efficient and secure approach, Sana Commerce shop owners can apply for compliance via self-assessment through the applicable PCI SAQ A or PCI SAQ A-EP form. You can find more information about the self-certification here.

Back Next
Knowledge BaseSecurity Measures & Privacy Policy

Sitemap

Installation

Product Versions

Links

Sana Commerce does not accept any liability for the content of this website, or for the consequences of any actions taken on the basis of the information provided. The information below should be interpreted as an example. No rights can be derived from this information.

Sana Commerce – the integrated e-Commerce solution for Microsoft Dynamics and SAP
© 2018 Sana Commerce. All rights reserved
Updated: January 2017