Security of Wix's Billing Services and PCI Compliance

The security of our users' sensitive data is of extreme importance to us here at Wix and we are 100% committed to protecting it.

PCI Compliance

The PCI DSS is an information security standard for organizations or companies that accept credit card payments. This standard helps to create a secure environment by increasing the security of cardholder data, thus reducing credit card fraud.
Wix is Payment Card Industry Data Security Standards (PCI DSS) compliant and is accredited as a Level 1 service provider and merchant. Wix’s PCI DSS compliance is assessed by an external company, and we are audited on a yearly basis in order to align with PCI standards.
Wix PCI applications run in a dedicated environment, segregated from other product flows and servers, that is suitable for the highest PCI standards.
Within our PCI environment, we maintain the highest standard of encryption and storage measures using a FIPS 140-2-certified HSM (Hardware Security Module). Encryption of our users' data at rest uses AES-256, the industry's most broadly used encryption method.

COMSEC PCI Merchant certificate 2024
COMSEC PCI Service Provider certificate 2024

ISO Compliance

ISO 27001 Compliance
Wix has been audited and certified as ISO 27001 compliant. The ISO 27001 certification outlines industry best practices for managing security risks. 
ISO 27001 cert
ISO cert
ISO cert
IQ Net cert

ISO 27701 Compliance
Wix has been audited and certified as ISO 27701 compliant. The ISO 27701 certification outlines industry best practices for privacy information management.
ISO Certificate

ISO 27017 Compliance
Wix has been audited and certified as ISO 27017 compliant. The ISO 27017 certification outlines industry best practices for security techniques in a public cloud computing environment.
ISO Certificate

ISO 27018 Compliance
Wix has been audited and certified as ISO 27018 compliant. The ISO 27018 certification outlines industry best practices for security techniques for PII protection in a public cloud computing environment.
ISO 27018 certification

TLS Certification

Transport Layer Security (TLS) is a protocol that helps protect your online financial transactions by ensuring secure communication over a network.
The PCI Council states that any organization handling payment card transactions must use TLS 1.2 or higher in order to meet PCI DSS compliance standards.
Wix uses Transport Layer Security and does meet PCI DSS compliance standards.
We allow a minimum of TLS 1.2 so that out-of-date devices or browsers can access the website on your domain when they try to view it. At the same time, our sites allow the latest version of TLS for browsers which support it.
Visitors with older browsers may be able to visit your site; however, if their older device protocols don't meet PCI security standards, they may not be able to complete a transaction.
