The VWO Experience Optimization Platform complies with the Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1 as a Level 2 Service Provider. VWO is a service provider and does not process cardholder data.
VWO and PCI DSS
VWO complies with the Level 2 Service Provider certification process, which validates compliance on an annual basis by assessing adherence to PCI DSS requirements. The assessment includes validating the integration code (i.e., JS SmartCode and the SDKs required for the VWO Experience Optimization Platform), development, operations, management, support, and in-scope services, using the Self-Assessment Questionnaire (SAQ-D) and the Attestation of Compliance for Service Providers.
Customers are responsible for ensuring that they achieve compliance with PCI DSS requirements. The VWO Customer PCI Guide specifies areas of responsibility for each PCI DSS requirement, and whether it is assigned to VWO or the customer, or if the responsibility is shared.
Audits, Reports, and Certificates
Audit cycle: Wingify’s VWO Experience Optimization Platform is assessed at least annually against the PCI DSS v3.2 standard.
Refer to the following documents for more details:
- Attestation of Compliance
- VWO Customer PCI Guide of Responsibility for each PCI DSS requirement
- How to configure your VWO account to be PCI compliant
PCI DSS Overview
The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Organizations of all sizes must follow PCI DSS if they accept payment cards from the five major credit card brands: Visa, MasterCard, American Express, Discover, and the Japan Credit Bureau (JCB). Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data.