The Payment Card Industry Data Security Standard (PCI DSS) ensures that compliant entities must process, store and transmit card information in a secure environment.
The PCI DSS established for Wingify is applicable for the integration code, i.e., the Wingify SmartCode and SDKs required for making Wingify Customer Experience Optimization functional.
If you use Wingify on your website to process the card information, you can make your account compliant with PCI DSS version 4.0.1. This has to do with being selective about the kind of data that is tracked by Wingify and how this data is being accessed by the users of the Wingify account.
How to make your Wingify account PCI DSS version 4.0.1 compliant?
To ensure that the data is collected in your Wingify account and to secure its accessibility to PCI standards, an admin/owner user needs to enable the following options by accessing the gear icon ⚙ on the top right and go to Account > Security > Login and Access section:
INFO: By default, Wingify collects and transmits data using TLS 1.2 and above.
- Expire user's passwords in 90 days
- Log users out of Wingify after 15 minutes of inactivity
- Prevent users from reusing last <> passwords while resetting
- Prevent users from reusing a password that was used in the last <> days while resetting
NOTE:
- If you have enabled the setting wherein the user gets logged out after 15 minutes of inactivity, their Remember me preference on the login page will be overridden
- Password expiry is not applicable if logins are governed by SSO.
By virtue of enabling these options in Wingify, the data in your account and its access methods will comply with PCI DSS 4.0.1 standards.