[{"data":1,"prerenderedAt":910},["ShallowReactive",2],{"header:help":3,"footer:default":67,"story:navigation\u002Fsearch:help":250,"story:help\u002Fcategories":288,"story:help\u002Farticles\u002Fpci-dss-and-compliance-requirements":314,"no-guide:pci-dss-and-compliance-requirements":59,"article:\u002Fhelp\u002Farticles\u002Fpci-dss-and-compliance-requirements":669,"story:contact":691,"help:tree:dc71cd32-d441-4490-a4fe-b65803803cf8":880,"_apollo:default":909},{"name":4,"created_at":5,"published_at":6,"updated_at":7,"id":8,"uuid":9,"content":10,"slug":57,"full_slug":58,"sort_by_date":59,"position":60,"tag_list":61,"is_startpage":24,"parent_id":62,"meta_data":59,"group_id":63,"first_published_at":64,"release_id":59,"lang":65,"path":59,"alternates":66,"default_full_slug":59,"translated_slugs":59},"Help Center Header","2024-08-09T18:06:34.939Z","2024-10-21T21:58:39.217Z","2024-10-21T21:58:39.232Z",10082752,"3e9b88f7-c163-4657-a2f2-62532d600fad",{"_uid":11,"link":12,"badge":16,"items":17,"title":13,"buttons":50,"new_tab":24,"submenu":51,"alignment":13,"component":52,"badge_link":53,"top_menu_items":56},"e5645a1a-f991-40e8-8d67-e40ebc082b5a",{"id":13,"url":13,"linktype":14,"fieldtype":15,"cached_url":13},"","story","multilink","Help Center",[18,27,34,39,44],{"_uid":19,"link":20,"title":23,"new_tab":24,"submenu":25,"component":26},"5cbe2861-1f49-4166-97da-a4dddd8105e3",{"id":21,"url":13,"linktype":14,"fieldtype":15,"cached_url":22},"4c0a2d99-ec30-4579-8ef1-6bf5564d4839","help\u002Fcategories\u002F","Articles",false,[],"header___item",{"_uid":28,"link":29,"title":32,"new_tab":33,"component":26},"1c8edeb5-b9e9-4cb8-b1c6-c1f292f7d7cd",{"id":13,"url":30,"linktype":31,"fieldtype":15,"cached_url":30},"https:\u002F\u002Fwiki.foxycart.com\u002F","url","Documentation",true,{"_uid":35,"link":36,"title":38,"new_tab":33,"component":26},"8d7df70e-f087-4da0-b616-6f0e9a5af35c",{"id":13,"url":37,"linktype":31,"fieldtype":15,"cached_url":37},"https:\u002F\u002Fapi.foxycart.com\u002F","API Documentation",{"_uid":40,"link":41,"title":43,"new_tab":33,"component":26},"f76e7944-23d5-4652-87e4-cdae79272762",{"id":13,"url":42,"linktype":31,"fieldtype":15,"cached_url":42},"https:\u002F\u002Fstatus.foxy.io\u002F","System Status",{"_uid":45,"link":46,"title":49,"new_tab":24,"component":26},"0de16771-4c84-466c-a1da-d8568113c71f",{"id":47,"url":13,"linktype":14,"fieldtype":15,"cached_url":48},"01e4e370-f9b9-45af-8fa9-f15540699b0d","contact","Contact Us",[],[],"header",{"id":54,"url":13,"linktype":14,"fieldtype":15,"cached_url":55},"4a679eb7-662d-4ea4-a976-5a2acbf0b663","help\u002F",[],"help-header","navigation\u002Fhelp-header",null,20,[],10082747,"71b81c2e-5e09-48a1-a397-a3c72fcd344a","2022-09-21T14:50:25.655Z","default",[],{"name":68,"created_at":69,"published_at":70,"updated_at":71,"id":72,"uuid":73,"content":74,"slug":243,"full_slug":244,"sort_by_date":59,"position":245,"tag_list":246,"is_startpage":24,"parent_id":62,"meta_data":59,"group_id":247,"first_published_at":248,"release_id":59,"lang":65,"path":59,"alternates":249,"default_full_slug":59,"translated_slugs":59},"Default Footer","2024-08-09T18:06:59.024Z","2025-09-04T06:24:46.223Z","2025-09-04T06:24:46.241Z",10082753,"e59e67ac-248a-482f-84a1-53d4f318186a",{"_uid":75,"about":76,"logos":77,"socials":82,"sections":108,"component":225,"cta_title":226,"bottom_links":227,"cta_subtitle":241,"cta_button_link":242,"cta_button_text":183},"830983f5-c4c4-43c8-b150-86a5e3fa6dc8","Foxy’s hosted cart & payment page allow you to sell anything, using your existing website or platform.",[78],{"id":79,"alt":13,"name":13,"focus":13,"title":13,"filename":80,"copyright":13,"fieldtype":81},14760,"https:\u002F\u002Fa-us.storyblok.com\u002Ff\u002F1001040\u002Fx\u002F3b030847ec\u002Fb-corp.svg","asset",[83,90,96,102],{"_uid":84,"icon":85,"link":86,"name":88,"component":89},"faf0a618-ea94-42ea-9182-03be18c43216","fa-facebook",{"id":13,"url":87,"linktype":31,"fieldtype":15,"cached_url":87},"https:\u002F\u002Fwww.facebook.com\u002Ffoxycart","Facebook","footer___social",{"_uid":91,"icon":92,"link":93,"name":95,"component":89},"14309c18-7e79-423e-b375-34555bac0811","fa-instagram",{"id":13,"url":94,"linktype":31,"fieldtype":15,"cached_url":94},"https:\u002F\u002Fwww.instagram.com\u002Ffoxy_io","Instagram",{"_uid":97,"icon":98,"link":99,"name":101,"component":89},"8f7fe7cf-0dd3-4596-8334-226ea466716a","fa-linkedin",{"id":13,"url":100,"linktype":31,"fieldtype":15,"cached_url":100},"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Ffoxycart.com","LinkedIn",{"_uid":103,"icon":104,"link":105,"name":107,"component":89},"90a675b4-dd97-40b5-be09-00a87223d4c5","fa-youtube",{"id":13,"url":106,"linktype":31,"fieldtype":15,"cached_url":106},"https:\u002F\u002Fwww.youtube.com\u002Fuser\u002Ffoxycart","Youtube",[109,139,184,206],{"_uid":110,"name":111,"items":112,"component":138},"82849945-282f-488c-b18d-a8d2252f514a","Company",[113,120,126,132],{"_uid":114,"link":115,"title":118,"new_tab":24,"component":119},"1f699ab1-938b-4d9d-9825-aabcbe6f57fe",{"id":116,"url":13,"linktype":14,"fieldtype":15,"cached_url":117},"63634293-a749-4226-9439-9f38ee6dcda0","about-us","About Us","footer___menu_items",{"_uid":121,"link":122,"title":125,"new_tab":24,"component":119},"b26b00f1-a0e7-4be2-8ab3-428b8cc841f8",{"id":123,"url":13,"linktype":14,"fieldtype":15,"cached_url":124},"26cb7c55-faed-4a77-a291-1552d4111b3e","how-foxy-works","How Foxy Works",{"_uid":127,"link":128,"title":131,"new_tab":24,"component":119},"b40c68a0-1ceb-4226-9515-6176534f61fe",{"id":129,"url":13,"linktype":14,"fieldtype":15,"cached_url":130},"dc6657d7-7f4f-4c0d-b781-e971b038ee26","for-good","Foxy For Good",{"_uid":133,"link":134,"title":137,"new_tab":24,"component":119},"3ad0c134-bef9-4fff-b891-e09f16109036",{"id":135,"url":13,"linktype":14,"fieldtype":15,"cached_url":136},"23cae210-baf4-4588-9862-d09f4f52ccd2","brand-assets","Brand Assets","footer___section",{"_uid":140,"name":141,"items":142,"component":138},"a6805fa8-ac60-47f1-b8f0-f27aded0afbe","Product",[143,149,155,161,167,173,179],{"_uid":144,"link":145,"title":148,"new_tab":24,"component":119},"b39c8a4e-2383-486f-b76a-11fbb15d8134",{"id":146,"url":13,"linktype":14,"fieldtype":15,"cached_url":147},"bb04690f-fe98-4ce6-80be-05b950f2364f","features\u002F","Features",{"_uid":150,"link":151,"title":154,"new_tab":24,"component":119},"64f8a41f-c181-433d-bc0a-fc94e71ecbf6",{"id":152,"url":13,"linktype":14,"fieldtype":15,"cached_url":153},"c450c58d-761d-48c0-a9af-0b064611689b","pricing","Pricing",{"_uid":156,"link":157,"title":160,"new_tab":24,"component":119},"6e0b287f-fd8c-4146-9e0e-0ab0b5c9ce3c",{"id":158,"url":13,"linktype":14,"fieldtype":15,"cached_url":159},"fab20ad9-e76a-4947-b709-3a6fdfa88028","blog\u002Fcategories\u002Fproduct-updates","Product Updates",{"_uid":162,"link":163,"title":166,"new_tab":24,"component":119},"47e5a074-a6b5-4f1c-8c2f-89a2ae9f83eb",{"id":164,"url":13,"linktype":14,"fieldtype":15,"cached_url":165},"d2c83612-d611-47f3-a3b4-ca7fe08540b8","changelogs\u002F","Changelogs",{"_uid":168,"link":169,"title":172,"new_tab":24,"component":119},"b5c08774-542f-4ffd-b357-c94d674488b9",{"id":170,"url":13,"linktype":14,"fieldtype":15,"cached_url":171},"08876121-0df3-4ed9-aa11-902b3e41cd02","whats-next","What's Next",{"_uid":174,"link":175,"title":178,"new_tab":24,"component":119},"9c2704ed-6d9f-43e1-9e67-c8d91c083288",{"id":176,"url":13,"linktype":14,"fieldtype":15,"cached_url":177},"056a7857-b18f-4025-8f97-91a38fc19bc8","compare\u002F","Compare",{"_uid":180,"link":181,"title":183,"new_tab":24,"component":119},"5f2db35b-674b-406a-8fa7-d246633af9fe",{"id":13,"url":182,"linktype":31,"fieldtype":15,"cached_url":182},"https:\u002F\u002Fadmin.foxy.io\u002Fsign-up","Try Foxy Free",{"_uid":185,"name":186,"items":187,"component":138},"63fa1f29-4252-4640-9922-fe310e69e54a","Security",[188,194,200],{"_uid":189,"link":190,"title":193,"new_tab":24,"component":119},"1158ddb6-9eb0-466f-8eb6-7ca2ae66c8b8",{"id":191,"url":13,"linktype":14,"fieldtype":15,"cached_url":192},"1f58fb2c-8681-4742-b6e8-09999beae9f6","security-contact","Security Contact",{"_uid":195,"link":196,"title":199,"new_tab":24,"component":119},"9a79c54a-6022-4dfd-854b-766f5e4703ba",{"id":197,"url":13,"linktype":14,"fieldtype":15,"cached_url":198},"55cbfcc3-425a-4261-8037-54e919851d2d","pci","PCI Compliance",{"_uid":201,"link":202,"title":205,"new_tab":24,"component":119},"0b85f5b6-9534-4071-b323-b39d053dd4d7",{"id":203,"url":13,"linktype":14,"fieldtype":15,"cached_url":204},"c3ac0fe3-83e2-4879-afbd-d4c83e1590df","help\u002Farticles\u002Four-official-domains-public-code","Domains & Codebases",{"_uid":207,"name":208,"items":209,"component":138},"998ded67-d107-49f4-8154-ca6be51671ec","Support",[210,213,216,219,222],{"_uid":211,"link":212,"title":16,"new_tab":24,"component":119},"594ffd35-3049-4004-bb08-0db568ebd819",{"id":54,"url":13,"linktype":14,"fieldtype":15,"cached_url":55},{"_uid":214,"link":215,"title":32,"new_tab":33,"component":119},"0a1a55ab-a985-4f9d-8b42-26da714d0c1c",{"id":13,"url":30,"linktype":31,"fieldtype":15,"cached_url":30},{"_uid":217,"link":218,"title":38,"new_tab":33,"component":119},"61e0b7c8-aadf-419b-a339-b3ccabc65bf4",{"id":13,"url":37,"linktype":31,"fieldtype":15,"cached_url":37},{"_uid":220,"link":221,"title":43,"new_tab":33,"component":119},"fd67a89e-1c54-4d31-94b5-64be999062d6",{"id":13,"url":42,"linktype":31,"fieldtype":15,"cached_url":42},{"_uid":223,"link":224,"title":49,"new_tab":24,"component":119},"231a6f71-e996-4ad4-b033-d4d5542f34f0",{"id":47,"url":13,"linktype":14,"fieldtype":15,"cached_url":48},"footer","Get started with our *unlimited free trial*.",[228,235],{"_uid":229,"link":230,"text":233,"component":234},"f0b77210-2632-45a2-8436-e57cad84d01a",{"id":231,"url":13,"linktype":14,"fieldtype":15,"cached_url":232},"60ba16a2-c1f4-485f-b978-8d2eeeafbf5a","terms-of-service","Terms of Service","footer___bottom_links",{"_uid":236,"link":237,"text":240,"component":234},"4bd497b0-993f-4b4d-a5b7-8a49c7c8fec9",{"id":238,"url":13,"linktype":14,"fieldtype":15,"cached_url":239},"332302b9-1d18-4016-b9c8-9b33c72d782b","privacy-policy","Privacy Policy","No credit card required.",{"id":13,"url":182,"linktype":31,"fieldtype":15,"cached_url":182},"default-footer","navigation\u002Fdefault-footer",50,[],"11006268-07f9-41e9-96f3-c51fb723399d","2022-09-21T20:39:02.357Z",[],{"name":251,"created_at":252,"published_at":253,"updated_at":254,"id":255,"uuid":256,"content":257,"slug":279,"full_slug":282,"sort_by_date":59,"position":283,"tag_list":284,"is_startpage":24,"parent_id":62,"meta_data":59,"group_id":285,"first_published_at":286,"release_id":59,"lang":65,"path":59,"alternates":287,"default_full_slug":59,"translated_slugs":59},"Search","2024-10-21T22:08:54.973Z","2025-05-26T09:17:25.790Z","2025-05-26T09:17:25.804Z",13592003,"14cbc359-9ac1-4a7a-a8de-ad4ac8ef26d4",{"_uid":258,"name":251,"indices":259,"summary":13,"component":279,"primary_image":280},"5e4a56e8-76f1-4790-b3a7-70f1be97d042",[260,265,269,274],{"key":261,"_uid":262,"icon":13,"name":263,"component":264},"all","c12a3210-7323-4273-8217-5215e52efe84","All","index",{"key":266,"_uid":267,"icon":268,"name":23,"component":264},"help_center_article","5acff080-95e4-44d3-8dcf-1b19720af382","fa-file-alt",{"key":270,"_uid":271,"icon":272,"name":273,"component":264},"help_center_guide","b8fbc206-c083-471e-a1f0-0ebeb90a669d","fa-book","Guides",{"key":275,"_uid":276,"icon":277,"name":278,"component":264},"blog_post","23419e83-2e56-4c4c-8a05-9fd1b3c9a9bd","fa-file-image","Blog Posts","search",{"id":59,"alt":59,"name":13,"focus":59,"title":59,"source":59,"filename":13,"copyright":59,"fieldtype":81,"meta_data":281},{},"navigation\u002Fsearch",60,[],"11e1fd31-95cd-4fc9-b736-8b8910663e6c","2024-10-21T23:17:05.904Z",[],{"name":23,"created_at":289,"published_at":290,"updated_at":291,"id":292,"uuid":21,"content":293,"slug":307,"full_slug":22,"sort_by_date":59,"position":308,"tag_list":309,"is_startpage":33,"parent_id":310,"meta_data":59,"group_id":311,"first_published_at":312,"release_id":59,"lang":65,"path":59,"alternates":313,"default_full_slug":59,"translated_slugs":59},"2022-09-19T14:42:29.685Z","2024-07-30T18:17:22.506Z","2024-07-30T18:17:22.525Z",2660,{"_uid":294,"icon":13,"name":23,"guides":295,"pinned":24,"summary":296,"category":13,"component":297,"blog_posts":298,"content_hub":24,"icon_custom":299,"case_studies":300,"faq_sections":301,"help_articles":302,"featured_guides":303,"mailbox_category":13,"featured_articles":304,"featured_blog_posts":305,"featured_case_studies":306},"d6dae89a-907a-4bf7-82de-fe2ba875ee6e",[],"Get your questions answered with our browsable knowledge base.","help_center_category",[],{"id":59,"alt":59,"name":13,"focus":59,"title":59,"filename":13,"copyright":59,"fieldtype":81},[],[],[],[],[],[],[],"categories",530,[],2658,"19ebcdd2-027f-47f5-9a5b-a8992c959578","2022-09-19T16:24:39.219Z",[],{"name":315,"created_at":316,"published_at":317,"updated_at":318,"id":319,"uuid":320,"content":321,"slug":662,"full_slug":663,"sort_by_date":59,"position":664,"tag_list":665,"is_startpage":24,"parent_id":666,"meta_data":59,"group_id":667,"first_published_at":317,"release_id":59,"lang":65,"path":59,"alternates":668,"default_full_slug":59,"translated_slugs":59},"PCI DSS and compliance requirements","2026-07-16T04:09:02.555Z","2026-07-16T04:20:57.861Z","2026-07-16T04:20:57.882Z",198595963163451,"dc71cd32-d441-4490-a4fe-b65803803cf8",{"_uid":322,"body":323,"name":315,"image":657,"pinned":24,"summary":659,"category":660,"component":266,"related_articles":661},"5ad659f1-4b49-4722-afea-2671c4f97b67",{"type":324,"content":325},"doc",[326,333,340,345,350,355,360,387,392,397,558,563,572,577,582,587,592,597,602,607,612,617,622,630,644],{"type":327,"attrs":328,"content":329},"paragraph",{"textAlign":59},[330],{"text":331,"type":332},"PCI DSS (Payment Card Industry Data Security Standard) is the security standard that governs how businesses handle credit card data. Your specific compliance requirements depend on how your store collects and processes payments, and using Foxy significantly reduces what you’re responsible for.","text",{"type":334,"attrs":335,"content":337},"heading",{"level":336,"textAlign":59},2,[338],{"text":339,"type":332},"What is PCI DSS?",{"type":327,"attrs":341,"content":342},{"textAlign":59},[343],{"text":344,"type":332},"The Payment Card Industry Security Standards Council (PCI SSC) — made up of major card brands like Visa, Mastercard, and American Express — created the Data Security Standard (DSS) that all merchants accepting card payments must follow in some form.",{"type":327,"attrs":346,"content":347},{"textAlign":59},[348],{"text":349,"type":332},"There are multiple levels of compliance, and figuring out which one applies to you can be confusing. Some of that confusion comes from vendors and providers who use misleading language to sell services merchants don’t actually need.",{"type":334,"attrs":351,"content":352},{"level":336,"textAlign":59},[353],{"text":354,"type":332},"The two requirements of PCI DSS",{"type":327,"attrs":356,"content":357},{"textAlign":59},[358],{"text":359,"type":332},"Compliance comes down to two deliverables:",{"type":361,"content":362},"bullet_list",[363,376],{"type":364,"content":365},"list_item",[366],{"type":327,"attrs":367,"content":368},{"textAlign":59},[369,374],{"text":370,"type":332,"marks":371},"The Self-Assessment Questionnaire (SAQ)",[372],{"type":373},"bold",{"text":375,"type":332}," — ranges from SAQ A (a handful of questions) to SAQ D (200+ requirements).",{"type":364,"content":377},[378],{"type":327,"attrs":379,"content":380},{"textAlign":59},[381,385],{"text":382,"type":332,"marks":383},"A security scan from an Approved Scanning Vendor (ASV)",[384],{"type":373},{"text":386,"type":332}," — only required for certain SAQ levels.",{"type":327,"attrs":388,"content":389},{"textAlign":59},[390],{"text":391,"type":332},"Simply paying a provider for a “compliance service” does not make you PCI compliant on its own. Real compliance can involve things like staff security training, secure document disposal, and internal policies — none of which a vendor can complete on your behalf just because you paid a monthly fee.",{"type":334,"attrs":393,"content":394},{"level":336,"textAlign":59},[395],{"text":396,"type":332},"Which SAQ level applies to you?",{"type":398,"content":399},"table",[400,429,456,481,507,532],{"type":401,"content":402},"tableRow",[403,413,421],{"type":404,"attrs":405,"content":407},"tableHeader",{"colspan":406,"rowspan":406,"colwidth":59},1,[408],{"type":327,"attrs":409,"content":410},{"textAlign":59},[411],{"text":412,"type":332},"SAQ level",{"type":404,"attrs":414,"content":415},{"colspan":406,"rowspan":406,"colwidth":59},[416],{"type":327,"attrs":417,"content":418},{"textAlign":59},[419],{"text":420,"type":332},"Scan required?",{"type":404,"attrs":422,"content":423},{"colspan":406,"rowspan":406,"colwidth":59},[424],{"type":327,"attrs":425,"content":426},{"textAlign":59},[427],{"text":428,"type":332},"Applies to you if…",{"type":401,"content":430},[431,440,448],{"type":432,"attrs":433,"content":434},"tableCell",{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[435],{"type":327,"attrs":436,"content":437},{"textAlign":59},[438],{"text":439,"type":332},"None",{"type":432,"attrs":441,"content":442},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[443],{"type":327,"attrs":444,"content":445},{"textAlign":59},[446],{"text":447,"type":332},"No",{"type":432,"attrs":449,"content":450},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[451],{"type":327,"attrs":452,"content":453},{"textAlign":59},[454],{"text":455,"type":332},"Payments are handled entirely by a third party (e.g., PayPal Express Checkout or Pay with Amazon through Foxy). PCI DSS generally applies only to merchants with their own Merchant ID receiving payments directly.",{"type":401,"content":457},[458,466,473],{"type":432,"attrs":459,"content":460},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[461],{"type":327,"attrs":462,"content":463},{"textAlign":59},[464],{"text":465,"type":332},"SAQ A",{"type":432,"attrs":467,"content":468},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[469],{"type":327,"attrs":470,"content":471},{"textAlign":59},[472],{"text":447,"type":332},{"type":432,"attrs":474,"content":475},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[476],{"type":327,"attrs":477,"content":478},{"textAlign":59},[479],{"text":480,"type":332},"Payments are fully outsourced through your Foxy checkout using a real gateway (not one that redirects the customer to a hosted payment page). Card details are never handled by phone, through Foxy’s Unified Order Entry, or any other virtual terminal. No cardholder data ever touches your systems, and none is ever stored.",{"type":401,"content":482},[483,491,499],{"type":432,"attrs":484,"content":485},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[486],{"type":327,"attrs":487,"content":488},{"textAlign":59},[489],{"text":490,"type":332},"SAQ A-EP",{"type":432,"attrs":492,"content":493},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[494],{"type":327,"attrs":495,"content":496},{"textAlign":59},[497],{"text":498,"type":332},"No (scan may be required for PCI DSS §6.6)",{"type":432,"attrs":500,"content":501},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[502],{"type":327,"attrs":503,"content":504},{"textAlign":59},[505],{"text":506,"type":332},"Payments are partially outsourced — typically a direct-post or JavaScript-based (non-iframe) implementation. Using Foxy’s standard checkout generally avoids this.",{"type":401,"content":508},[509,517,524],{"type":432,"attrs":510,"content":511},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[512],{"type":327,"attrs":513,"content":514},{"textAlign":59},[515],{"text":516,"type":332},"SAQ B \u002F SAQ B-IP \u002F SAQ C \u002F SAQ C-VT",{"type":432,"attrs":518,"content":519},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[520],{"type":327,"attrs":521,"content":522},{"textAlign":59},[523],{"text":447,"type":332},{"type":432,"attrs":525,"content":526},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[527],{"type":327,"attrs":528,"content":529},{"textAlign":59},[530],{"text":531,"type":332},"Not applicable to ecommerce merchants — these cover standalone terminals, card swipers, or manually processed virtual terminals.",{"type":401,"content":533},[534,542,550],{"type":432,"attrs":535,"content":536},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[537],{"type":327,"attrs":538,"content":539},{"textAlign":59},[540],{"text":541,"type":332},"SAQ D",{"type":432,"attrs":543,"content":544},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[545],{"type":327,"attrs":546,"content":547},{"textAlign":59},[548],{"text":549,"type":332},"Yes, on applicable systems",{"type":432,"attrs":551,"content":552},{"colspan":406,"rowspan":406,"colwidth":59,"backgroundColor":59},[553],{"type":327,"attrs":554,"content":555},{"textAlign":59},[556],{"text":557,"type":332},"Cardholder data is transmitted or stored on systems you control, regardless of payment method. This includes any case where your website or server touches card numbers at all, even briefly (e.g. a POST that immediately forwards the data elsewhere). This is full PCI DSS compliance — 200+ requirements.",{"type":327,"attrs":559,"content":560},{"textAlign":59},[561],{"text":562,"type":332},"If you’re processing more than 20,000 Visa transactions per year, additional merchant-level requirements may also apply.",{"type":327,"attrs":564,"content":565},{"textAlign":59},[566,570],{"text":567,"type":332,"marks":568},"Our general recommendation:",[569],{"type":373},{"text":571,"type":332}," avoid using any virtual terminal functionality so you can stay under the much simpler SAQ A. Never store credit card numbers on your own systems — doing so pushes you into SAQ D, which is significantly more complex and costly. Foxy handles this storage for you, so there’s rarely a reason to take on that burden yourself.",{"type":334,"attrs":573,"content":574},{"level":336,"textAlign":59},[575],{"text":576,"type":332},"How compliance is typically handled",{"type":327,"attrs":578,"content":579},{"textAlign":59},[580],{"text":581,"type":332},"PCI DSS compliance is usually addressed when you set up your merchant account, though it can also come up afterward. Be aware that some payment processors turn PCI compliance into a profit center — charging annual fees (sometimes $149 plus another $99, or up to $19.95\u002Fmonth) that aren’t strictly necessary for your SAQ level. Before paying for any compliance service, confirm what your actual SAQ level requires.",{"type":334,"attrs":583,"content":584},{"level":336,"textAlign":59},[585],{"text":586,"type":332},"Breach insurance",{"type":327,"attrs":588,"content":589},{"textAlign":59},[590],{"text":591,"type":332},"Breach insurance protects merchants and processors if a breach occurs despite PCI compliance being in place — for example, an employee copying down a card number left at a register. If this is a concern for your business, ask your merchant account provider whether they offer breach insurance.",{"type":334,"attrs":593,"content":594},{"level":336,"textAlign":59},[595],{"text":596,"type":332},"If a customer reports a stolen card",{"type":327,"attrs":598,"content":599},{"textAlign":59},[600],{"text":601,"type":332},"Occasionally a merchant hears from a customer that their card was used fraudulently after a purchase, with the assumption that the store (or Foxy) leaked the card details. Foxy undergoes continual security reviews and audits, runs intrusion prevention and detection, and monitors its systems proactively — across millions of transactions for thousands of merchants, reports of a compromised card tracing back to Foxy are extremely rare.",{"type":327,"attrs":603,"content":604},{"textAlign":59},[605],{"text":606,"type":332},"In nearly every case, the more likely explanation is that the customer’s own computer is compromised — missing antivirus protection, outdated OS or browser security patches, or a shared machine used by others who visit risky sites or open unsafe email attachments. Once a keylogger or similar malware is present, any card number the customer types anywhere (not just on your store) can be captured and misused.",{"type":327,"attrs":608,"content":609},{"textAlign":59},[610],{"text":611,"type":332},"If this happens with one of your customers and you’d like Foxy looped in, feel free to reach out — we take it seriously. But it’s worth setting the right expectation with the customer: the fix is usually on their end (running a malware scan, or replacing the computer), not a sign that your store or Foxy’s systems were breached.",{"type":334,"attrs":613,"content":614},{"level":336,"textAlign":59},[615],{"text":616,"type":332},"If you’re being asked to prove compliance",{"type":327,"attrs":618,"content":619},{"textAlign":59},[620],{"text":621,"type":332},"If a payment processor or merchant account provider is asking you to demonstrate PCI compliance, and you aren’t processing cards outside of your Foxy checkout, you can share the following with them:",{"type":623,"content":624},"blockquote",[625],{"type":327,"attrs":626,"content":627},{"textAlign":59},[628],{"text":629,"type":332},"We’ve outsourced our card handling to Foxy, which is a Level 1 PCI Compliant Service Provider listed on both Visa’s and Mastercard’s registries. Do you still require proof of our own compliance? If so, do you have your own tool we should use, or will an SAQ A be sufficient?",{"type":327,"attrs":631,"content":632},{"textAlign":59},[633,635,642],{"text":634,"type":332},"See ",{"text":636,"type":332,"marks":637},"Foxy’s security and compliance certifications",[638],{"type":639,"attrs":640},"link",{"href":641,"uuid":59,"anchor":59,"target":59,"linktype":31},"https:\u002F\u002Ffoxy.io\u002Fhelp\u002Farticles\u002Ffoxys-security-and-compliance-certifications",{"text":643,"type":332}," for links to verify Foxy’s PCI status.",{"type":327,"attrs":645,"content":646},{"textAlign":59},[647,649,655],{"text":648,"type":332},"If your processor responds that you need a higher compliance level or a passing security scan, ",{"text":650,"type":332,"marks":651},"contact us",[652],{"type":639,"attrs":653},{"href":654,"uuid":59,"anchor":59,"target":59,"linktype":31},"https:\u002F\u002Ffoxy.io\u002Fcontact\u002F",{"text":656,"type":332}," so we can help you sort out what’s actually required.",{"id":59,"alt":59,"name":13,"focus":59,"title":59,"source":59,"filename":13,"copyright":59,"fieldtype":81,"meta_data":658},{},"What PCI DSS is, the different levels of compliance (SAQ A through D), and how to tell which requirements actually apply to your store when you process payments through Foxy.","805729bf-0e8a-4d3f-92b4-fcc4c825b83a",[],"pci-dss-and-compliance-requirements","help\u002Farticles\u002Fpci-dss-and-compliance-requirements",-3190,[],2659,"44026604-31e9-47fd-bb21-2e0b171c00e9",[],{"html":670,"sections":671,"segments":687},"\u003Cp>PCI DSS (Payment Card Industry Data Security Standard) is the security standard that governs how businesses handle credit card data. Your specific compliance requirements depend on how your store collects and processes payments, and using Foxy significantly reduces what you’re responsible for.\u003C\u002Fp>\u003Csection id=\"what-is-pci-dss\" data-title=\"What is PCI DSS?\" data-title-node=\"H2\">\u003Chr class=\"my-8\" style=\"margin-left: -48px; margin-right: -40vw\">\u003Ch2 data-anchor-id=\"what-is-pci-dss\">What is PCI DSS?\u003C\u002Fh2>\u003Cp>The Payment Card Industry Security Standards Council (PCI SSC) — made up of major card brands like Visa, Mastercard, and American Express — created the Data Security Standard (DSS) that all merchants accepting card payments must follow in some form.\u003C\u002Fp>\u003Cp>There are multiple levels of compliance, and figuring out which one applies to you can be confusing. Some of that confusion comes from vendors and providers who use misleading language to sell services merchants don’t actually need.\u003C\u002Fp>\u003C\u002Fsection>\u003Csection id=\"the-two-requirements-of-pci-dss\" data-title=\"The two requirements of PCI DSS\" data-title-node=\"H2\">\u003Chr class=\"my-8\" style=\"margin-left: -48px; margin-right: -40vw\">\u003Ch2 data-anchor-id=\"the-two-requirements-of-pci-dss\">The two requirements of PCI DSS\u003C\u002Fh2>\u003Cp>Compliance comes down to two deliverables:\u003C\u002Fp>\u003Cul>\u003Cli>\u003Cp>\u003Cstrong>The Self-Assessment Questionnaire (SAQ)\u003C\u002Fstrong> — ranges from SAQ A (a handful of questions) to SAQ D (200+ requirements).\u003C\u002Fp>\u003C\u002Fli>\u003Cli>\u003Cp>\u003Cstrong>A security scan from an Approved Scanning Vendor (ASV)\u003C\u002Fstrong> — only required for certain SAQ levels.\u003C\u002Fp>\u003C\u002Fli>\u003C\u002Ful>\u003Cp>Simply paying a provider for a “compliance service” does not make you PCI compliant on its own. Real compliance can involve things like staff security training, secure document disposal, and internal policies — none of which a vendor can complete on your behalf just because you paid a monthly fee.\u003C\u002Fp>\u003C\u002Fsection>\u003Csection id=\"which-saq-level-applies-to-you\" data-title=\"Which SAQ level applies to you?\" data-title-node=\"H2\">\u003Chr class=\"my-8\" style=\"margin-left: -48px; margin-right: -40vw\">\u003Ch2 data-anchor-id=\"which-saq-level-applies-to-you\">Which SAQ level applies to you?\u003C\u002Fh2>\u003Cdiv class=\"table-responsive w-100\">\u003Ctable class=\"table table-lg table-bordered my-5\">\u003Cthead class=\"thead-light\">\u003Ctr>\u003Cth>\u003Cp>SAQ level\u003C\u002Fp>\u003C\u002Fth>\u003Cth>\u003Cp>Scan required?\u003C\u002Fp>\u003C\u002Fth>\u003Cth>\u003Cp>Applies to you if…\u003C\u002Fp>\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>\u003Cp>None\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>No\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Payments are handled entirely by a third party (e.g., PayPal Express Checkout or Pay with Amazon through Foxy). PCI DSS generally applies only to merchants with their own Merchant ID receiving payments directly.\u003C\u002Fp>\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>\u003Cp>SAQ A\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>No\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Payments are fully outsourced through your Foxy checkout using a real gateway (not one that redirects the customer to a hosted payment page). Card details are never handled by phone, through Foxy’s Unified Order Entry, or any other virtual terminal. No cardholder data ever touches your systems, and none is ever stored.\u003C\u002Fp>\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>\u003Cp>SAQ A-EP\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>No (scan may be required for PCI DSS §6.6)\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Payments are partially outsourced — typically a direct-post or JavaScript-based (non-iframe) implementation. Using Foxy’s standard checkout generally avoids this.\u003C\u002Fp>\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>\u003Cp>SAQ B \u002F SAQ B-IP \u002F SAQ C \u002F SAQ C-VT\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>No\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Not applicable to ecommerce merchants — these cover standalone terminals, card swipers, or manually processed virtual terminals.\u003C\u002Fp>\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>\u003Cp>SAQ D\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Yes, on applicable systems\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Cardholder data is transmitted or stored on systems you control, regardless of payment method. This includes any case where your website or server touches card numbers at all, even briefly (e.g. a POST that immediately forwards the data elsewhere). This is full PCI DSS compliance — 200+ requirements.\u003C\u002Fp>\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003C\u002Fdiv>\u003Cp>If you’re processing more than 20,000 Visa transactions per year, additional merchant-level requirements may also apply.\u003C\u002Fp>\u003Cp>\u003Cstrong>Our general recommendation:\u003C\u002Fstrong> avoid using any virtual terminal functionality so you can stay under the much simpler SAQ A. Never store credit card numbers on your own systems — doing so pushes you into SAQ D, which is significantly more complex and costly. Foxy handles this storage for you, so there’s rarely a reason to take on that burden yourself.\u003C\u002Fp>\u003C\u002Fsection>\u003Csection id=\"how-compliance-is-typically-handled\" data-title=\"How compliance is typically handled\" data-title-node=\"H2\">\u003Chr class=\"my-8\" style=\"margin-left: -48px; margin-right: -40vw\">\u003Ch2 data-anchor-id=\"how-compliance-is-typically-handled\">How compliance is typically handled\u003C\u002Fh2>\u003Cp>PCI DSS compliance is usually addressed when you set up your merchant account, though it can also come up afterward. Be aware that some payment processors turn PCI compliance into a profit center — charging annual fees (sometimes $149 plus another $99, or up to $19.95\u002Fmonth) that aren’t strictly necessary for your SAQ level. Before paying for any compliance service, confirm what your actual SAQ level requires.\u003C\u002Fp>\u003C\u002Fsection>\u003Csection id=\"breach-insurance\" data-title=\"Breach insurance\" data-title-node=\"H2\">\u003Chr class=\"my-8\" style=\"margin-left: -48px; margin-right: -40vw\">\u003Ch2 data-anchor-id=\"breach-insurance\">Breach insurance\u003C\u002Fh2>\u003Cp>Breach insurance protects merchants and processors if a breach occurs despite PCI compliance being in place — for example, an employee copying down a card number left at a register. If this is a concern for your business, ask your merchant account provider whether they offer breach insurance.\u003C\u002Fp>\u003C\u002Fsection>\u003Csection id=\"if-a-customer-reports-a-stolen-card\" data-title=\"If a customer reports a stolen card\" data-title-node=\"H2\">\u003Chr class=\"my-8\" style=\"margin-left: -48px; margin-right: -40vw\">\u003Ch2 data-anchor-id=\"if-a-customer-reports-a-stolen-card\">If a customer reports a stolen card\u003C\u002Fh2>\u003Cp>Occasionally a merchant hears from a customer that their card was used fraudulently after a purchase, with the assumption that the store (or Foxy) leaked the card details. Foxy undergoes continual security reviews and audits, runs intrusion prevention and detection, and monitors its systems proactively — across millions of transactions for thousands of merchants, reports of a compromised card tracing back to Foxy are extremely rare.\u003C\u002Fp>\u003Cp>In nearly every case, the more likely explanation is that the customer’s own computer is compromised — missing antivirus protection, outdated OS or browser security patches, or a shared machine used by others who visit risky sites or open unsafe email attachments. Once a keylogger or similar malware is present, any card number the customer types anywhere (not just on your store) can be captured and misused.\u003C\u002Fp>\u003Cp>If this happens with one of your customers and you’d like Foxy looped in, feel free to reach out — we take it seriously. But it’s worth setting the right expectation with the customer: the fix is usually on their end (running a malware scan, or replacing the computer), not a sign that your store or Foxy’s systems were breached.\u003C\u002Fp>\u003C\u002Fsection>\u003Csection id=\"if-youre-being-asked-to-prove-compliance\" data-title=\"If you’re being asked to prove compliance\" data-title-node=\"H2\">\u003Chr class=\"my-8\" style=\"margin-left: -48px; margin-right: -40vw\">\u003Ch2 data-anchor-id=\"if-youre-being-asked-to-prove-compliance\">If you’re being asked to prove compliance\u003C\u002Fh2>\u003Cp>If a payment processor or merchant account provider is asking you to demonstrate PCI compliance, and you aren’t processing cards outside of your Foxy checkout, you can share the following with them:\u003C\u002Fp>\u003Cblockquote>\u003Cp>We’ve outsourced our card handling to Foxy, which is a Level 1 PCI Compliant Service Provider listed on both Visa’s and Mastercard’s registries. Do you still require proof of our own compliance? If so, do you have your own tool we should use, or will an SAQ A be sufficient?\u003C\u002Fp>\u003C\u002Fblockquote>\u003Cp>See \u003Ca href=\"https:\u002F\u002Ffoxy.io\u002Fhelp\u002Farticles\u002Ffoxys-security-and-compliance-certifications\" class=\"\">Foxy’s security and compliance certifications\u003C\u002Fa> for links to verify Foxy’s PCI status.\u003C\u002Fp>\u003Cp>If your processor responds that you need a higher compliance level or a passing security scan, \u003Ca href=\"https:\u002F\u002Ffoxy.io\u002Fcontact\u002F\" class=\"\">contact us\u003C\u002Fa> so we can help you sort out what’s actually required.\u003C\u002Fp>\u003C\u002Fsection>",[672,675,677,679,681,683,685],{"id":673,"title":339,"level":674},"what-is-pci-dss","H2",{"id":676,"title":354,"level":674},"the-two-requirements-of-pci-dss",{"id":678,"title":396,"level":674},"which-saq-level-applies-to-you",{"id":680,"title":576,"level":674},"how-compliance-is-typically-handled",{"id":682,"title":586,"level":674},"breach-insurance",{"id":684,"title":596,"level":674},"if-a-customer-reports-a-stolen-card",{"id":686,"title":616,"level":674},"if-youre-being-asked-to-prove-compliance",[688],{"type":689,"content":690},"html","\u003Cp>PCI DSS (Payment Card Industry Data Security Standard) is the security standard that governs how businesses handle credit card data. Your specific compliance requirements depend on how your store collects and processes payments, and using Foxy significantly reduces what you’re responsible for.\u003C\u002Fp>\u003Ch2>What is PCI DSS?\u003C\u002Fh2>\u003Cp>The Payment Card Industry Security Standards Council (PCI SSC) — made up of major card brands like Visa, Mastercard, and American Express — created the Data Security Standard (DSS) that all merchants accepting card payments must follow in some form.\u003C\u002Fp>\u003Cp>There are multiple levels of compliance, and figuring out which one applies to you can be confusing. Some of that confusion comes from vendors and providers who use misleading language to sell services merchants don’t actually need.\u003C\u002Fp>\u003Ch2>The two requirements of PCI DSS\u003C\u002Fh2>\u003Cp>Compliance comes down to two deliverables:\u003C\u002Fp>\u003Cul>\u003Cli>\u003Cp>\u003Cstrong>The Self-Assessment Questionnaire (SAQ)\u003C\u002Fstrong> — ranges from SAQ A (a handful of questions) to SAQ D (200+ requirements).\u003C\u002Fp>\u003C\u002Fli>\u003Cli>\u003Cp>\u003Cstrong>A security scan from an Approved Scanning Vendor (ASV)\u003C\u002Fstrong> — only required for certain SAQ levels.\u003C\u002Fp>\u003C\u002Fli>\u003C\u002Ful>\u003Cp>Simply paying a provider for a “compliance service” does not make you PCI compliant on its own. Real compliance can involve things like staff security training, secure document disposal, and internal policies — none of which a vendor can complete on your behalf just because you paid a monthly fee.\u003C\u002Fp>\u003Ch2>Which SAQ level applies to you?\u003C\u002Fh2>\u003Cdiv class=\"table-responsive w-100\">\u003Ctable class=\"table table-lg table-bordered my-5\">\u003Cthead>\u003Ctr>\u003Cth>\u003Cp>SAQ level\u003C\u002Fp>\u003C\u002Fth>\u003Cth>\u003Cp>Scan required?\u003C\u002Fp>\u003C\u002Fth>\u003Cth>\u003Cp>Applies to you if…\u003C\u002Fp>\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>\u003Cp>None\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>No\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Payments are handled entirely by a third party (e.g., PayPal Express Checkout or Pay with Amazon through Foxy). PCI DSS generally applies only to merchants with their own Merchant ID receiving payments directly.\u003C\u002Fp>\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>\u003Cp>SAQ A\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>No\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Payments are fully outsourced through your Foxy checkout using a real gateway (not one that redirects the customer to a hosted payment page). Card details are never handled by phone, through Foxy’s Unified Order Entry, or any other virtual terminal. No cardholder data ever touches your systems, and none is ever stored.\u003C\u002Fp>\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>\u003Cp>SAQ A-EP\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>No (scan may be required for PCI DSS §6.6)\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Payments are partially outsourced — typically a direct-post or JavaScript-based (non-iframe) implementation. Using Foxy’s standard checkout generally avoids this.\u003C\u002Fp>\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>\u003Cp>SAQ B \u002F SAQ B-IP \u002F SAQ C \u002F SAQ C-VT\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>No\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Not applicable to ecommerce merchants — these cover standalone terminals, card swipers, or manually processed virtual terminals.\u003C\u002Fp>\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>\u003Cp>SAQ D\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Yes, on applicable systems\u003C\u002Fp>\u003C\u002Ftd>\u003Ctd>\u003Cp>Cardholder data is transmitted or stored on systems you control, regardless of payment method. This includes any case where your website or server touches card numbers at all, even briefly (e.g. a POST that immediately forwards the data elsewhere). This is full PCI DSS compliance — 200+ requirements.\u003C\u002Fp>\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003C\u002Fdiv>\u003Cp>If you’re processing more than 20,000 Visa transactions per year, additional merchant-level requirements may also apply.\u003C\u002Fp>\u003Cp>\u003Cstrong>Our general recommendation:\u003C\u002Fstrong> avoid using any virtual terminal functionality so you can stay under the much simpler SAQ A. Never store credit card numbers on your own systems — doing so pushes you into SAQ D, which is significantly more complex and costly. Foxy handles this storage for you, so there’s rarely a reason to take on that burden yourself.\u003C\u002Fp>\u003Ch2>How compliance is typically handled\u003C\u002Fh2>\u003Cp>PCI DSS compliance is usually addressed when you set up your merchant account, though it can also come up afterward. Be aware that some payment processors turn PCI compliance into a profit center — charging annual fees (sometimes $149 plus another $99, or up to $19.95\u002Fmonth) that aren’t strictly necessary for your SAQ level. Before paying for any compliance service, confirm what your actual SAQ level requires.\u003C\u002Fp>\u003Ch2>Breach insurance\u003C\u002Fh2>\u003Cp>Breach insurance protects merchants and processors if a breach occurs despite PCI compliance being in place — for example, an employee copying down a card number left at a register. If this is a concern for your business, ask your merchant account provider whether they offer breach insurance.\u003C\u002Fp>\u003Ch2>If a customer reports a stolen card\u003C\u002Fh2>\u003Cp>Occasionally a merchant hears from a customer that their card was used fraudulently after a purchase, with the assumption that the store (or Foxy) leaked the card details. Foxy undergoes continual security reviews and audits, runs intrusion prevention and detection, and monitors its systems proactively — across millions of transactions for thousands of merchants, reports of a compromised card tracing back to Foxy are extremely rare.\u003C\u002Fp>\u003Cp>In nearly every case, the more likely explanation is that the customer’s own computer is compromised — missing antivirus protection, outdated OS or browser security patches, or a shared machine used by others who visit risky sites or open unsafe email attachments. Once a keylogger or similar malware is present, any card number the customer types anywhere (not just on your store) can be captured and misused.\u003C\u002Fp>\u003Cp>If this happens with one of your customers and you’d like Foxy looped in, feel free to reach out — we take it seriously. But it’s worth setting the right expectation with the customer: the fix is usually on their end (running a malware scan, or replacing the computer), not a sign that your store or Foxy’s systems were breached.\u003C\u002Fp>\u003Ch2>If you’re being asked to prove compliance\u003C\u002Fh2>\u003Cp>If a payment processor or merchant account provider is asking you to demonstrate PCI compliance, and you aren’t processing cards outside of your Foxy checkout, you can share the following with them:\u003C\u002Fp>\u003Cblockquote>\u003Cp>We’ve outsourced our card handling to Foxy, which is a Level 1 PCI Compliant Service Provider listed on both Visa’s and Mastercard’s registries. Do you still require proof of our own compliance? If so, do you have your own tool we should use, or will an SAQ A be sufficient?\u003C\u002Fp>\u003C\u002Fblockquote>\u003Cp>See \u003Ca href=\"https:\u002F\u002Ffoxy.io\u002Fhelp\u002Farticles\u002Ffoxys-security-and-compliance-certifications\" class=\"\">Foxy’s security and compliance certifications\u003C\u002Fa> for links to verify Foxy’s PCI status.\u003C\u002Fp>\u003Cp>If your processor responds that you need a higher compliance level or a passing security scan, \u003Ca href=\"https:\u002F\u002Ffoxy.io\u002Fcontact\u002F\" class=\"\">contact us\u003C\u002Fa> so we can help you sort out what’s actually required.\u003C\u002Fp>",{"name":692,"created_at":693,"published_at":694,"updated_at":695,"id":696,"uuid":47,"content":697,"slug":48,"full_slug":48,"sort_by_date":59,"position":875,"tag_list":876,"is_startpage":24,"parent_id":59,"meta_data":59,"group_id":877,"first_published_at":878,"release_id":59,"lang":65,"path":59,"alternates":879,"default_full_slug":59,"translated_slugs":59},"Contact","2022-09-23T19:56:58.957Z","2025-05-08T18:24:40.382Z","2025-05-08T18:24:40.392Z",3138,{"seo":698,"_uid":701,"title":702,"action":703,"fields":704,"method":851,"columns":852,"subtitle":866,"component":48,"button_text":872,"submit_title":873,"submit_subtitle":874},{"_uid":699,"title":692,"plugin":700,"description":13},"24ff7574-3bcc-48d2-85b5-e529dfea1cc4","meta-fields","8f54f1da-9d8f-49b2-89e7-840e886491cb","We're here to help.","https:\u002F\u002Fusebasin.com\u002Ff\u002F029f48d65402",[705,710,714,822,825,830,845],{"_uid":706,"name":707,"type":332,"label":708,"options":13,"required":33,"component":709,"placeholder":13},"9a70b226-2036-4f90-a052-b3efa61c5896","name","Name","form___field",{"_uid":711,"name":712,"type":712,"label":713,"options":13,"required":33,"component":709,"placeholder":13},"86ba35be-ff43-4a28-8633-14052a8f6622","email","Email Address",{"_uid":715,"name":716,"type":717,"label":718,"options":719,"required":33,"component":709,"conditions":720,"placeholder":13},"3f827475-492c-4f97-aa1e-2386ac263b6c","topic","select","Topic","Presales, Support, Billing, Partnerships, Order Enquiry, Other",[721,776,786,793,801,809,815],{"_uid":722,"equals":723,"fields":724,"component":775},"e21d97dd-e68e-4fa6-ba97-bc40f3041dde","Order Enquiry",[725],{"_uid":726,"body":727,"type":773,"title":13,"component":774},"b64992bc-6d53-48b8-b7a0-d81e5a062e50",{"type":324,"content":728},[729],{"type":327,"content":730},[731,733,740,742,744,745,749,751,756,764,766,771],{"text":732,"type":332},"We are ",{"text":734,"type":332,"marks":735},"Foxy.io",[736],{"type":639,"attrs":737},{"href":738,"uuid":59,"anchor":59,"custom":739,"target":59,"linktype":31},"http:\u002F\u002FFoxy.io",{},{"text":741,"type":332},", an ecommerce platform powering ecommerce for other merchants. We do not sell products, and are unable to assist with questions about order statuses or refunds for any merchants using our platform. Please contact the merchant you ordered from for assistance. If you’d like to report a store using Foxy for fraudulent practices, please select ‘other’ in the subject.",{"type":743},"hard_break",{"type":743},{"text":746,"type":332,"marks":747},"NOTE:",[748],{"type":373},{"text":750,"type":332}," We are ",{"text":752,"type":332,"marks":753},"not ",[754],{"type":755},"italic",{"text":757,"type":332,"marks":758},"Foxy.in",[759,763],{"type":639,"attrs":760},{"href":761,"uuid":59,"anchor":59,"custom":762,"target":59,"linktype":31},"http:\u002F\u002FFoxy.in",{},{"type":755},{"text":765,"type":332},". We are not in any way affiliated with ",{"text":757,"type":332,"marks":767},[768],{"type":639,"attrs":769},{"href":761,"uuid":59,"anchor":59,"custom":770,"target":59,"linktype":31},{},{"text":772,"type":332},", and cannot help in any way with your order from that website.","danger","global___alert","form___condition",{"_uid":777,"equals":778,"fields":779,"component":775},"8765c3e1-25cf-44aa-b8ea-fc6094acf9c3","Presales",[780],{"_uid":781,"name":782,"type":783,"label":13,"options":13,"required":24,"component":709,"conditions":784,"placeholder":13,"default_value":785},"cf464f8e-d643-4f6e-af29-d3abffaf7380","department_email_address","hidden",[],"hello@foxy.io",{"_uid":787,"equals":208,"fields":788,"component":775},"4007b6d8-77e5-421d-bd1e-6f336dd853fb",[789],{"_uid":790,"name":782,"type":783,"label":13,"options":13,"required":24,"component":709,"conditions":791,"placeholder":13,"default_value":792},"7b4c6aa5-a68c-45e0-9ce1-0a36af10c0c2",[],"help@foxy.io",{"_uid":794,"equals":795,"fields":796,"component":775},"1dbb8f11-613d-43cd-9e09-1b94f6e19219","Billing",[797],{"_uid":798,"name":782,"type":783,"label":13,"options":13,"required":24,"component":709,"conditions":799,"placeholder":13,"default_value":800},"a0ac0d1b-bc4f-4a6c-a682-581d450b0b73",[],"help+billing@foxy.io",{"_uid":802,"equals":803,"fields":804,"component":775},"a0a53a50-7172-4a29-ba58-181e38874e12","Partnerships",[805],{"_uid":806,"name":782,"type":783,"label":13,"options":13,"required":24,"component":709,"conditions":807,"placeholder":13,"default_value":808},"7aa011d9-f374-4aed-b5a5-929b54aaf152",[],"partners@foxy.io",{"_uid":810,"equals":723,"fields":811,"component":775},"a4cd431f-25d5-41c7-bfdc-02c908c8fb47",[812],{"_uid":813,"name":782,"type":783,"label":13,"options":13,"required":24,"component":709,"conditions":814,"placeholder":13,"default_value":785},"f5d52168-d6ae-451b-94ee-2ced1cbd28ad",[],{"_uid":816,"equals":817,"fields":818,"component":775},"25aba1ed-eb41-4bbc-aa89-f7a7167ea86e","Other",[819],{"_uid":820,"name":782,"type":783,"label":13,"options":13,"required":24,"component":709,"conditions":821,"placeholder":13,"default_value":785},"f40dfaef-c203-4b71-bf4e-e1b43cef192b",[],{"_uid":823,"component":824},"e9c53a05-f40a-4510-aaf8-bc072a235a0c","form___subject",{"_uid":826,"name":827,"type":828,"label":829,"options":13,"required":33,"component":709,"placeholder":13},"a4c4d385-fff4-4978-99fb-b68cfea623d6","message","textarea","Message",{"_uid":831,"name":832,"type":717,"label":833,"options":834,"required":33,"component":709,"conditions":835,"placeholder":13},"8a3c9f85-f438-427d-9c7a-d7b295a14b5b","existing_user","Are you an existing user?","No, Yes",[836],{"_uid":837,"equals":838,"fields":839,"component":775},"115933d6-262a-4b59-8fa8-579c5ad73de1","Yes",[840],{"_uid":841,"name":842,"type":332,"label":843,"options":13,"required":33,"component":709,"conditions":844,"placeholder":13},"44b6ff23-98f0-4e95-b7f5-c23e06415c2d","subdomain","Store Subdomain",[],{"_uid":846,"name":847,"type":717,"label":848,"options":849,"required":33,"component":709,"conditions":850,"placeholder":13},"922a5cef-3af2-4113-8855-36c7910e3ee3","user_type","What type of user are you?","Developer, Designer, Merchant",[],"POST",[853],{"_uid":854,"text":855,"title":864,"component":865},"7323b90d-a93a-4bf1-baa9-20d0b7ead61b",{"type":324,"content":856},[857],{"type":327,"content":858},[859,861,862],{"text":860,"type":332},"855.369.9227",{"type":743},{"text":863,"type":332},"9:30am-6pm Central M-F","Pre-sales, Sales, & Partnerships","contact___footer_column",{"type":324,"content":867},[868],{"type":327,"content":869},[870],{"text":871,"type":332},"Get in touch to get help from our friendly support team.","Submit","Success!","Your email has been received. We'll get back to you as soon as we can, but it might take a business day. If you don't hear back from us in a timely manner, please check your spam folder to ensure our reply didn't go there.",-80,[],"2fd9fb7d-a48a-4184-acfd-30022d8d6f08","2022-09-23T20:10:45.360Z",[],[288,881],{"name":882,"created_at":883,"published_at":884,"updated_at":885,"id":886,"uuid":660,"content":887,"slug":902,"full_slug":903,"sort_by_date":59,"position":904,"tag_list":905,"is_startpage":24,"parent_id":310,"meta_data":59,"group_id":906,"first_published_at":907,"release_id":59,"lang":65,"path":59,"alternates":908,"default_full_slug":59,"translated_slugs":59},"Security & Policies","2023-01-19T16:27:35.000Z","2026-07-16T04:20:56.886Z","2026-07-16T04:20:56.901Z",28244,{"_uid":888,"icon":889,"name":882,"type":890,"guides":891,"pinned":24,"summary":892,"category":13,"component":297,"blog_posts":893,"content_hub":24,"icon_custom":894,"case_studies":895,"faq_sections":896,"help_articles":897,"featured_guides":898,"mailbox_category":13,"featured_articles":899,"featured_blog_posts":900,"featured_case_studies":901},"e9746086-08b8-4b9e-afb3-5264fdca1ea1","fa-lock-alt","simple",[],"Security information and resources for keeping you and your customers safe.",[],{"id":59,"alt":59,"name":13,"focus":59,"title":59,"filename":13,"copyright":59,"fieldtype":81},[],[],[],[],[],[],[],"security-and-policies","help\u002Fcategories\u002Fsecurity-and-policies",100,[],"e8afb525-b6de-4134-9bf9-63989d71a318","2023-01-19T17:25:33.172Z",[],{},1784176460338]