The Payment Card Industry Data Security Standard (PCI DSS) ensures that compliant entities process, store, and transmit card information in a secure environment.
The PCI DSS established for VWO applies to the integration code, i.e., the VWO SmartCode and SDKs required for making VWO Customer Experience Optimization functional.
If you use VWO on your website to process card information, you can make your account compliant with PCI DSS version 3.2.1. This involves being selective about the kind of data that VWO tracks and how the users of the VWO account access this data.
How to make your VWO account PCI DSS version 3.2.1 compliant?
To ensure that data is collected in your VWO account, and access to it is secured, to PCI standards, an admin/owner user needs to enable the following options by clicking the gear icon ⚙ at the top right and going to the Account > Security > Login and Access section:
- Expire user's passwords in 90 days
- Log users out of VWO after 15 minutes of inactivity
- Prevent users from reusing last <> passwords while resetting
- Prevent users from reusing a password that was used in the last <> days while resetting
Note:
- If you have enabled the setting wherein the user gets logged out after 15 minutes of inactivity, their Remember me preference on the login page will be overridden.
- Password expiry is not applicable if logins are governed by SSO.
By virtue of enabling these options in VWO, the data in your account and its access methods will comply with PCI DSS 3.2.1 standards.