Browse by Topic

PCI Compliance

PCI stands for Payment Card Industry. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure all companies that process, store or transmit credit card information maintain a secure environment. Our servers are PCI DSS 3.2 certified at Level 1, which protects against credit card data breaches and eliminates the massive cost and hassle of handling compliance yourself. We let you accept leading payment methods without worrying about implementing PCI standards for your online store. 

Who Is Required to Provide Proof of Compliance?

PCI compliance applies to any merchant or organization that accepts, transmits or stores any cardholder data, regardless of size. If you accept transactions from customers using credit or debit cards, the PCI DSS requirements apply. Since it is BigCommerce's servers, BigCommerce is required to provide proof, not individual merchants using our service. 

How Do You Show Proof of Compliance?

If using a third-party platform such as BigCommerce and you are asked to provide an Attestation of PCI DSS Compliance, you can download it here: 2018 - 2019 Attestation of PCI DSS Compliance.

This document allows you to provide proof that your store is PCI compliant.


This attestation is dated for last year, is it out of date? The date on the cover of the PCI Attestation refers to when the standards were last revised. It does not refer to when the Attestation was completed. The date the report was delivered is found on page 10 of the document.

Why Do I Need to Reset My Password Every 90 Days?

It is part of the requirements stated in Requirement 8 of Version 3.2 of the Payment Card Industry Data Security Standards. In order to remain PCI compliant, the password must change at least every 90 days. See PCI Compliance Password Requirements for more details.

Why Was I Logged out of My Store?

Another requirement for PCI compliance requires that if there is no activity for a set amount of time, the session has to time out. By default this is set to 15 minutes, meaning if you are logged into your store's control panel but do not click anything for 15 minutes, the system will log you out. See Control Panel Timeout Window for more information on how to adjust this setting.

Was this article helpful?