PCI DSS Policy – Credit Card Security

Convert Insights Inc. follows the principals and standard set out by the PCI Standards Council for storing and handling credit card information.

Anyone involved with the processing, transmission, or storage of credit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Convert uses the payment services provided by Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, they make use of best-in-class security tools and practices to maintain a high level of security at Stripe.

To summarize our methodology for processing and storing credit card details.

• We process all credit card payments using Stripe, as outlined above.
• We do not store any full credit card numbers or magnetic stripe data.
• For customer service purposes, Stripe provides us with the last 4 digits and the expiry date of your card. This is to assist us in validating any support request you may have about your account.
• We comply with, and meet the requirements of PCI DSS SAQ A-EP.
• Whilst we don’t publish it on our website, we are happy to provide a copy of our compliance certificate to any customer on request.

Stripe, not to be confused with the magnetic strip on the back of your credit card often called a stripe, is a 3rd party provider we use to process credit cards. They are one of the largest and most respected providers globally.