VWO Engage is compliant with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS requires compliant entities to process, store and transmit card information in a secure environment.
The PCI DSS established for VWO Engage applies to the integration code, i.e., the VWO Engage Smartcode and SDKs required to make VWO Engage Customer Experience Optimization functional.
If you use VWO Engage on your website to process card information, you can make your account compliant with PCI DSS version 3.2.1. This involves being selective about the kind of data that VWO Engage tracks and how users of the VWO Engage account access that data.
How to make your VWO Engage account PCI DSS version 3.2.1 compliant?
To ensure that data is collected in your VWO Engage account and that access to it is secured in line with PCI standards, an admin/owner user needs to do the following:
Go to SETTINGS > ACCOUNTS > SECURITY, and under the Login and access section, enable:
1. Expire user's password in 90 days
2. Log user out of VWO Engage after 15 minutes of inactivity
Note:
1. If you enable the setting that logs users out after 15 minutes of inactivity, it overrides their Remember me preference on the login page. Also, the settings apply to future logins, not to the current login session.
2. VWO Engage supports only TLS version 1.2 and above.
3. The feature is available to all VWO Engage customers.
Once you enable these options in VWO Engage, the data in your account and its access methods will comply with PCI DSS 3.2.1 standards.