First of all, we never see your credit card information and it’s never saved on any of our computers. All pages of our website are SSL encrypted so that no one can see any information you type anywhere on our website.
We are very serious about securing your information and have invested significant time and money to certify our website is PCI compliant. From annual on-site assessments validating compliance to continuous risk management, we work really hard to ensure our shopping cart information is secure.
We know what a pain it is to have your credit card information stolen, so to better protect you and your credit card info, we may cancel an order if we see suspicious information or actions taken when making an online purchase. Below are a few things that we look for on all credit card purchases.
Web Proxy…this is a high-risk internet connection mostly used by people trying to hide their actual location, such as city/country.
Multiple Payment Attempts…a person tries using multiple credit cards or attempts to guess the security code.
Billing Address…although you can ship to any CA address, the ‘billing address’ must match the one associated with the credit card.
Strange Email…most people have an email address that has something to do with their name, business or hobby, so an address that looks out of the ordinary, such as a crazy, mixed-up-looking one, is a reason for us to take another look.
We don’t want to upset anyone by cancelling an order, but we also don’t want someone who is not authorized to use your credit card to do so.
What is PCI Compliant?
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit card and debit card information. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around credit card data to reduce credit card fraud resulting from its exposure.
If we want to sell online and accept payments from Visa, MasterCard, American Express or Discover credit cards, our software and hosting have to be PCI compliant.