PCI DSS Compliance

PCI DSS Policy

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. Zip Co US, Inc. (Zip) is PCI DSS compliant.

The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Maintaining security of cardholder data is very important to Zip.

Zip secures and protects all cardholder data in its possession according to the current applicable PCI DSS standard. Zip acknowledge these responsibilities as the organization responsible for ensuring the safe handling and storage of sensitive customer credit card information and data in connection with the Zip services.

Zip merchants must implement Zip's solution according to Zip implementation guidelines. By doing so, merchants delegate their PCI DSS responsibilities for sensitive customer credit card information and data collected to Zip for transactions processed by Zip. Merchants may have other PCI DSS responsibilities that are independent of the Zip's Merchant Services Agreement (MSA). It is each merchant's sole responsibility to remain informed of their PCI DSS obligations and compliance status.

Zip's Attestation of Compliance (AoC) is available upon request.

For further information please visit the official PCI org website www.pcisecuritystandards.org.