PCI compliance and the security of your data and your customers' personal data are very important to us. PCI compliance is a complicated process and has varying levels of compliance based upon how sensitive payment information is handled and processed. In that regard, there are two very important distinctions our customers should be aware of:
- Brushfire NEVER stores sensitive payment information from your customers' credit card, debit card, or checking account. We only store the customer's name, the last 4 digits of their account number, and the type of card that was used. This is so you can quickly and easily look up orders based upon this information. Once payment is processed by your gateway, we store a reference to the transaction ID provided by your gateway so that if any further changes (refunds, cancellations, etc.) need to take place, we can send that transaction ID back to the gateway and make the appropriate changes without requiring the customer's credit card information again.
- Brushfire NEVER handles your money directly. Payment always proceeds from the customer's account, through your payment gateway/processor and then lands in your bank account.
Because of these two important concepts, Brushfire is only required to be PCI compliant as a vendor who relays payment information and not as an actual account holder or a vendor who stores sensitive card data. If you require proof of certification of our compliance, please contact firstname.lastname@example.org.