Exclusive! Discover the buy-now-pay-later option that’s right for your shoppers. Learn more


PCI DSS Certification

Last Update: December, 2018


Splitit is committed to safeguarding customer information. To accomplish that, we invest significant resources to provide secure and reliable payment solutions for you and your customers.

PCI DSS Compliance

Splitit is a validated Level 1 PCI DSS Compliant Service Provider.

What is PCI DSS?

PCI DSS is the Data Security Standard put together by the Payment Card Industry Security Standards Council, comprised of the five major payment networks: Visa, MasterCard, American Express, Discover and JCB. It is the global data security standard that every business wanting to accept payment cards and store, process, and/or transmit cardholder data must comply with. The data standard has a total of twelve compliance requirements broken down into six broad control objectives:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Splitit implements the highest technology standards to meet the PCI compliance such as:

  • Data Encryption Keys (DEKs) and Key Encryption Keys (KEKs) that are encrypted with AES256 algorithm and Master Key which is encrypted with RSA1024 algorithm
  • 128-bit Secure Sockets Layer (SSL)
  • Implement WAF (Web Application Firewall) to protect against threads
  • Use File integrity products to detect malicious file access
  • Use intrusion detection systems
  • Monitor and analyze security alerts and information
  • Incorporate two-factor authentication for remote access
  • Deploy anti-virus software on all systems commonly affected by malicious software
  • Limit access to system components and cardholder data to only those individuals whose job requires such access