DPD is compliant with the Service Provider requirements of the Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures.
There is nothing DPD takes more seriously than the reliability and security of our hosted cart and checkout. DPD is designed and developed using industry-standard secure coding techniques, and our servers and hardware are located in a secure datacenter to prevent tampering.
DPD takes the following measures to remain compliant with the rigorous Service Provider standards of the PCI DSS:
- DPD never stores any payment card information, including card numbers, stripe data, or CVV codes.
- Regular scanning of our public IP addresses that process credit card transactions by an Approved Scanning Vendor (ASV).
- Developed and maintained security policies compliant with the PCI DSS.
- Regular penetration testing and testing for common exploits, such as cross-site scripting and man-in-the-middle attacks.
- HTTPS (SSL) for all cart and checkout subdomains, and an Extended Validation (EV-SSL) certificate on our main domain, getdpd.com.
- Completion and review of the PCI DSS Self-Assessment Questionnaire (SAQ) Type D for Service Providers.
DPD's scanning and validation are performed by Control Scan, a Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV) registered with the PCI Security Standards Council.
A copy of our compliance certificate issued by Control Scan can be provided to vendors upon request. Send us a support ticket and we'll be happy to provide it to you.