Is Jane PCI-Compliant?

Jane Payments is PCI-compliant and built on Stripe, which meets PCI DSS (Payment Card Industry Data Security Standard) requirements. Jane undergoes an annual third-party audit to ensure every base is covered.

That said, PCI compliance is a shared responsibility. Here’s how it breaks down:

  • Jane Payments handles card data in a PCI-compliant way. No raw credit card data is stored in Jane. Instead, Jane stores a token (a non-sensitive placeholder that references the actual card data held securely by Stripe).
  • Your clinic is also responsible for handling credit card data appropriately, including never storing card information in plain text (in Jane or elsewhere).

Supporting Information

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements that applies to any organization that accepts, processes, or stores credit card payments. Compliance is overseen by the PCI Security Standards Council.

Who is responsible for PCI compliance?

PCI compliance is a shared responsibility. Jane Payments provides a PCI-compliant environment for capturing and processing payments, but clinic staff are also responsible for following secure practices, including never storing credit cards in plain text.

How does Jane securely store card information?

Jane stores a token rather than the credit card information itself. The token is a non-sensitive code that points to the card data, which Stripe stores and secures on Jane’s behalf.


If you have questions about Jane’s PCI compliance or how payment security is handled, reach out to the Privacy and Security team at [email protected].