Foxy's Security and Compliance
- Reporting a security issue
- Foxy's PCI Attestation of Compliance (AOC) prepared by our QSA, available by request.
Foxy.io is a PCI Compliant Level 1 Service Provider
Foxy.io is currently a Level 1 Service Provider. This means that our systems are secured at the highest standards of PCI DSS.
You can verify our status at:
- Visa's Global Registry of Service Providers (searchable site)
- MasterCard's PCI Compliant Service Provider List (PDF, find the "Service Provider List" section)
What is PCI DSS, and how does it relate to you?
How PCI relates to your store will be determined by your unique set up. By using Foxy, we do take on at least some of the compliance requirements as it relates to your online store. For an in depth summary of the different areas of PCI compliance, what level might relate to you, and what to do if someone is telling you that you need to pay to be compliant, check out our overview of what it is, and what it means to you.
Copy/Paste Text for Your Policies
If you need a blurb for your customer-facing marketing or policies, feel free to use this (if indeed you aren't accepting cardholder data except via Foxy.io):
In order to minimize the risk of security incidents, we fully outsource all payment processing to Foxy.io. Foxy.io is PCI DSS (Payment Card Industry Data Security Standard) Compliant as a Level 1 Service Provider, and is listed on both Visa and MasterCard's global registries. Anytime you submit payment information via our website, you are submitting through Foxy.io's secure infrastructure. If you opt to save your payment information during checkout, that information is stored at Foxy. We don't have access to your payment details except for the last 4 digits, the card type, and the expiration date.