PCI-DSS is a security standard for companies and organizations that handle payment information from consumers. Both of Squarespace’s payment processors, Stripe and PayPal, are PCI compliant.
What is PCI-DSS Compliance?
PCI-DSS (Payment Card Industry Data Security Standard) is a framework for developing a robust payment card data security process—including prevention, detection and appropriate reaction to security incidents. To learn more, visit the PCI Council’s website.
Is Squarespace Commerce compliant?
Yes. All of Squarespace's built-in Commerce tools are compliant. Sensitive card data is never handled by Squarespace. It goes directly to the payment processor’s servers; Squarespace doesn’t have access to this information.
Can I do a third-party compliance scan on my site?
Yes. You’re welcome to check our platform’s PCI compliance using third-party scanning services, like Trustwave. Note that the scan may produce an error that references TLSv1.0 ciphers.
This is not a security issue or a PCI compliance issue.
These ciphers are being phased out of PCI compliance, but not until June 2018. Our use of these ciphers meets current PCI compliance standards.
I have other questions about PCI-DSS.
For general PCI-DSS compliance questions, please contact your payment processor.