Let us handle the hard stuff.

DPD is a PCI Compliant Service Provider

DPD is compliant with the Service Provider requirements of the Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures.

There is nothing DPD takes more seriously than the reliability and security of our hosted cart and checkout. DPD is designed and developed using industry-standard secure coding techniques, and our servers and hardware are located in a secure datacenter to prevent tampering.

What is PCI Compliance?

In security terms, it means that your business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

In operational terms, it means that you are playing your role to make sure your customers' payment card data is being kept safe throughout every transaction, and that they – and you – can have confidence that they're protected against the pain and cost of data breaches.

Our measures to remain compliant with the standards of the PCI DSS:

  1. DPD never stores any payment card information, including card numbers, magnetic stripe data, or CVV codes.
  2. Regular scanning, by an Approved Scanning Vendor (ASV), of our public IP addresses that process credit card transactions.
  3. Development and maintenance of security policies compliant with the PCI DSS.
  4. Regular penetration testing and testing for common exploits, such as cross-site scripting and man-in-the-middle attacks.
  5. HTTPS (SSL) for all cart and checkout subdomains, and an Extended Validation (EV-SSL) certificate on our main site, getdpd.com.
  6. Completion and review of the PCI DSS Self-Assessment Questionnaire (SAQ) Type D for Service Providers.

DPD's scanning and validation are performed by Control Scan, a Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV) registered with the PCI Security Standards Council.

A PDF copy of our current compliance certificate issued by Control Scan can be provided to vendors upon request. Send us a support ticket and we'll be happy to provide it to you.

What does all this mean for me?

Merchant accounts, credit card gateways, and payment processors all require PCI compliance from their merchants. By using DPD as a PCI compliant service provider, you greatly reduce the PCI compliance requirements for your own business and website.

You will also have the peace of mind of knowing that DPD is continuously taking steps to secure your customers' payment data.

About DPD

DPD is an all-in-one shopping cart and digital fulfillment service for downloadable products. Serving thousands of stores, DPD processes and delivers millions worth of downloads each year.