Security of Wix's Billing Services and PCI Compliance
The security of our users' sensitive data is of extreme importance to us here at Wix and we are 100% committed to protecting it.
PCI Compliance
The PCI DSS is an information security standard for organizations or companies that accept credit card payments. This standard helps to create a secure environment by increasing the security of cardholder data, thus reducing credit card fraud.
Wix is Payment Card Industry Data Security Standards (PCI DSS) compliant and is accredited as a Level 1 service provider and merchant. Wix’s PCI DSS compliance is assessed by an external company, and we are audited on a yearly basis in order to align with PCI standards.
Wix PCI applications run in a dedicated environment, segregated from other product flows and servers, that is suitable for the highest PCI standards.
Within our PCI environment, we maintain the highest standard of encryption and storage measures using a FIPS 140-2-certified HSM (Hardware Security Module). Our users’ data at rest encryption utilizes AES-256, the industry’s most broadly used encryption method.
ISO Compliance
ISO 27001 Compliance
Wix has been audited and certified as ISO 27001 compliant. The ISO 27001 certification outlines industry best practices for managing security risks.
ISO 27701 Compliance
Wix has been audited and certified as ISO 27701 compliant. The ISO 27701 certification outlines industry best practices for privacy information management.
ISO 27017 Compliance
Wix has been audited and certified as ISO 27017 compliant. The ISO 27017 certification outlines industry best practices for security techniques in a public cloud computing environment.
ISO 27018 Compliance
Wix has been audited and certified as ISO 27018 compliant. The ISO 27018 certification outlines industry best practices for security techniques for PII protection in a public cloud computing environment.
ISO 27032 Compliance
Wix has been audited and certified as ISO 27032 compliant. The ISO 27032 certification outlines industry best practices for information security system management in a cyberspace environment.
ISO 27035 Compliance
Wix has been audited and certified as ISO 27035 compliant. The ISO 27035 certification outlines industry best practices for security incident management.
TLS Certification
Transport Layer Security (TLS) is a protocol that helps protect your online financial transactions by ensuring secure communication over a network.
The PCI Council states that any organization handling payment card transactions must use TLS 1.2 or higher in order to meet PCI DSS compliance standards.
Wix uses Transport Layer Security and does meet PCI DSS compliance standards.
We allow a minimum of TLS 1.2 so that out-of-date devices or browsers can access the website on your domain when they try to view it. At the same time, our sites allow the latest version of TLS for browsers which support it.
Visitors with older browsers may be able to visit your site; however, if their older device protocols don’t meet PCI security standards, they may not be able to complete a transaction.
FAQs
How do I make my Wix site PCI compliant?
My site failed a PCI compliance scan because of weak cipher support. Is my site secure?
I encountered scanning interference when trying to run a PCI scan on my site. How do I whitelist the scanner IPs?