Is AbolitionistSanctuary.org PCI-DSS Compliant

Created by Rev. Dr. Nathan C. Walker, Modified on Sat, 27 May, 2023 at 10:35 AM by Rev. Dr. Nathan C. Walker

Yes. AbolitionistSanctuary.org is PCI-DSS compliant. Please see the following excerpts from the WooCommerce that explain the ways in which we meet these security standards.

What is PCI-DSS?

PCI-DSS (Payment Card Industry Data Security Standard) is a set of actionable rules defined by the Payment Card Industry Security Standards Council to encourage the broad adoption of consistent data security measures around the world with an aim to reduce credit card fraud. These rules apply to anyone who stores, processes, or transmits cardholder data. For more information about PCI-DSS, please review the Quick Reference Guide here.

How Does PCI-DSS Meet Core Requirements?

AbolitionistSanctuary.org meets the following 12 core PCI-DSS requirements:

GOALS	PCI-DSS REQUIREMENT
Build and Maintain a Secure Network	AbolitionistSanctuary.org installs and maintains a firewall configuration to protect cardholder data by using Wordfence and WooCommerce software. AbolitionistSanctuary.org does not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data	AbolitionistSanctuary.org never stores card details because WooCommerce and Stripe does never store more than 4 digits of a card number if storing payment tokens for re-use. AbolitionistSanctuary.org enforces SSL on user checkout pages. AbolitionistSanctuary.org encrypts transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program	AbolitionistSanctuary.org uses and regularly update anti-virus software through WordPress, Wordfence, BuddyBoss, and LearnDash software updates. AbolitionistSanctuary.org develops and maintains secure systems and applications through Amazon Web Service, RunCloud.io, and BobCares Server Administrators.
Implement Strong Access Control Measures	AbolitionistSanctuary.org restricts access to cardholder data by business need-to-know; AbolitionistSanctuary.org assign a unique WordPress ID to each person with computer access; AbolitionistSanctuary.org restricts physical access to cardholder data by using WooCommerce and Stripe software that does not give any staff member access to full cardholder data.
Regularly Monitor and Test Networks	AbolitionistSanctuary.org uses a variety of security checks in WordPress, Wordfence, and WooCommerce to track and monitor all access to network resources and user data; AbolitionistSanctuary.org regularly tests security systems and processes.
Maintain an Information Security Policy	AbolitionistSanctuary.org maintain a privacy policy and terms and conditions policy that addresses information security.

Please note that AbolitionistSanctuary.org uses Wordfence, an authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA, or CVE Numbering Authority. As a CNA, Wordfence assigns CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes.