All merchants who accept credit cards are required to comply with the PCI Data Security Standard (PCI DSS). Subscribe Pro provides features that can significantly reduce your PCI DSS scope and help you avoid expensive audits and assessments.
The Subscribe Pro Vault
Our product implements credit card tokenization technology to securely store sensitive credit card data in the Subscribe Pro Vault. The vault is powered by Spreedly, a Level 1 PCI Compliant service provider.
How it Works
The Subscribe Pro Magento extension uses a technology called JSONP to implement the payment method and credit card submission forms. Using JSONP means that sensitive credit card numbers and information are POSTed directly from your customers’ web browsers to the secure servers at Spreedly. Once the credit card is received, it is turned into a token, a unique identifier that cannot be mathematically reversed. The token can then be passed safely between Subscribe Pro and Magento, and it allows any type of payment transaction to be run against the credit card.
The implementation of JSONP technology in our Subscribe Pro extension means that your PCI DSS scope is significantly reduced. Because the sensitive credit card data is transmitted directly from the customer to the vault, Magento and your web servers will be considered out of scope for both storage and transmission of sensitive cardholder data.
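One way a merchant could verify the data flow described above, that only tokens and never card numbers reach its own servers, is to scan incoming request fields for values that look like card numbers. This is an added example, not Subscribe Pro or Spreedly code; the field names and sample request bodies are constructed assumptions.

```javascript
// Added example: guard for a merchant-side endpoint that should only ever
// receive a token. All field names below are hypothetical.

// Luhn checksum over a string of ASCII digits.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Return the names of fields whose value contains a run of 13 to 19 digits
// (single spaces or dashes allowed between digits) that passes Luhn.
function findPanFields(fields) {
  const hits = [];
  for (const [name, value] of Object.entries(fields)) {
    const candidates = String(value).match(/\d(?:[ -]?\d){12,18}/g) || [];
    if (candidates.some((c) => luhnValid(c.replace(/[ -]/g, "")))) {
      hits.push(name);
    }
  }
  return hits;
}

// Constructed sample: what the merchant server should see after tokenization.
const tokenizedPost = {
  payment_token: "EXAMPLEtoken0000placeholder",
  cc_last4: "1111",
  cc_exp_month: "12",
  cc_exp_year: "2030",
};

// Constructed sample: a misconfigured form that also submits the card number
// (4111 1111 1111 1111 is a widely used test number, not a real card).
const leakyPost = {
  payment_token: "EXAMPLEtoken0000placeholder",
  cc_number: "4111 1111 1111 1111",
};

console.log("tokenized post:", findPanFields(tokenizedPost));
console.log("leaky post:", findPanFields(leakyPost));
```

A non-empty result means card data is crossing the merchant's servers; reject the request and log only the field name, never the value.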
More Information About the PCI DSS
Visit the PCI Security Standards Council:
Visit our service provider, Spreedly:
- Spreedly’s PCI Compliance Page
- Spreedly’s Blog Entry: PCI DSS v3.0 for Online Merchants