
PCI DSS Compliance

Your customers' payment information is protected every time they check out on your Workstand-powered site.

What is PCI DSS?

  • PCI DSS stands for Payment Card Industry Data Security Standard.

  • It's a set of security requirements established by the major credit card networks — Visa, Mastercard, American Express, and others — to ensure that businesses handle cardholder data safely.

  • Any business that accepts, processes, stores, or transmits credit card information is required to meet these standards.

  • The goal is simple: protect your customers from fraud and keep their payment data out of the wrong hands.

What does this mean for your store?

  • When a customer enters their credit card number at checkout, that information needs to be handled according to strict security protocols.

    • Meeting PCI DSS requirements involves things like encrypting card data, maintaining secure network connections, and limiting who can access payment information.

  • The good news: Workstand handles PCI DSS compliance for you during checkout.

    • You don't need to manage this yourself or hire a third party to assess your compliance.

How Workstand keeps checkout secure

  • Workstand's checkout process is built on PCI DSS-compliant payment integrations, including Stripe and Authorize.net. When a customer completes a purchase on your website:

    • Card data is encrypted in transit using secure connections (SSL/TLS).
    • Payment information is processed directly by your payment gateway — Workstand never stores raw card numbers.
    • Your customers' data is handled in accordance with PCI DSS requirements at every step of the transaction.
  • Because sensitive card data flows directly to your payment processor and never passes through Workstand's servers in an unprotected state, your store benefits from the compliance infrastructure those processors maintain.

Do I need to do anything?

  • For online sales processed through Stripe or Authorize.net, the PCI compliance burden is significantly reduced for you as a retailer. However, there are a few things to keep in mind:

  • Use a supported payment integration. PCI compliance during checkout applies when using Workstand's built-in payment integrations. If you are using a custom payment method, payment is not collected at checkout, so different considerations may apply.
  • Keep your Workstand account credentials secure. Never share your admin login with unauthorized individuals.
  • Review your payment processor's guidance. Both Stripe and Authorize.net provide resources on what, if anything, is required of merchants on their end.
  • If you have questions about your specific compliance obligations, we recommend consulting with your payment processor or a qualified security professional.