PCI Compliance

The PCI-DSS counsil provides a framework of robust security processes for credit card transactions. Any merchant or service merchant provider accepting, transmitting, and/or storing cardholder data must be PCI compliant.

Rebillia Platform is a merchant service provider that is PCI Compliant Level 1. Security is a priority for us, and for that reason we meet and exceed all standard payment security practices.

Merchant PCI Compliance

Every business that accepts credit card payments must be PCI compliant. By using BigCommerce as your e-commerce platform, your online environment is PCI compliant by default, but there are alot of practices used by online stores that are not PCI compliant by default. Rebillia provides a PCI compliant way to manage your customers’ credit cards and subscriptions without taking the risks and responsibilities yourself.

Rebillia’s PCI Practices

  • – Rebillia Platform is a Level 1 PCI-DSS Compliance service provider, tested and accepted by the PCI-DSS Council.
  • – Rebillia Platform makes sure that your customers’ information is protected from cross-site scripting attacks, broswer history and cache scraping and much more.
  • – Rebillia Platform NEVER stores full credit card data, only the parts that are allowed to be stored, by tokenizing and encrypting the information instead.

Best PCI Practices

  • – BigCommerce provides all their stores with SSL certificated domains that will take place in the sensitive areas of the store, such as checkout, cart and account page. It is highly recommended to get your own SSL for your own domain so that the flow of addresses will always stay on your domain throughout the whole website.
  • – Never allow your browser to save credit card information, and implore your shoppers the same. Most web apps will expose the data via their logged files.
  • – Make sure to know what are the reponsibilities of each and every 3rd party service yo are using, what access they are granted and what information they deal with.
  • – Every 3rd party service you use, that works with CHD (Card Holder Data) MUST be PCI-DSS level 1 compliant. You can read about the differences between PCI levels here.