PCI DSS compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. Most banks and credit card companies require organisations that process, transmit or store cardholder data to be compliant.

FoodCommerce does not process, transmit or store cardholder data at any point, and is therefore out of the scope of PCI DSS.

All the payment gateways we integrate with use remotely hosted payment pages, reached either by redirecting the browser or by showing remote content in an iframe. This means that the task of PCI DSS compliance resides with the payment gateways themselves. All of the payment gateways we integrate with are PCI DSS compliant.

Despite being out of the scope of PCI DSS, we regularly scan our systems with an Approved Scanning Vendor (ASV) as a matter of good practice.

The following websites contain more information about PCI DSS which you may find useful: