The Payment Card Industry Data Security Standard (PCI DSS) ensures that compliant entities process, store, and transmit card information in a secure environment.
The PCI DSS established for VWO applies to the integration code, i.e., the VWO SmartCode and SDKs required for making VWO Customer Experience Optimization functional.
If you use VWO on your website to process card information, you can make your account compliant with PCI DSS version 3.2.1. This involves being selective about the kind of data that VWO tracks and about how the users of the VWO account access that data.
How to make your VWO account PCI DSS version 3.2.1 compliant?
To ensure that data is collected in your VWO account, and access to it is secured, in line with PCI standards, an admin/owner user needs to do the following:
- Go to SETTINGS > ACCOUNTS > SECURITY, and under the Login and access section, enable:
  - Expire user's password in 90 days
  - Log user out of VWO after 15 minutes of inactivity
- Go to SETTINGS > ACCOUNTS > PRIVACY CENTER, and under the Data security section, enable:
  - Collect only TLS 1.2 data
- If you have enabled the setting that logs the user out after 15 minutes of inactivity, their Remember me preference on the login page will be overridden.
- Password expiry is not applicable if logins are governed by SSO.
Once these options are enabled in VWO, the data in your account and its access methods will comply with PCI DSS 3.2.1 standards.