Compliance and Security Certifications

Founded on protecting client and consumer data, TrustCommerce meets and/or exceeds all applicable industry standards.

TrustCommerce is fully PCI DSS compliant and remains so year after year, since the inception of the program.  We are listed on the Visa Global List of PCI DSS Validated Service providers:

All applicable PCI requirements are in full compliance.  As a Level 1 Service Provider, TrustCommerce is required to be assessed for compliance against the Payment Card Industry Data Security Standard (PCI DSS) each year. The PCI DSS provides technical and operational requirements, minimum standards, and guidelines for all entities that process, store, or transmit cardholder data, including issuers, acquirers, merchants, and service providers.

As part of our annual PCI DSS assessment, a third-party Qualified Security Assessor (QSA) assesses and reviews our internal documentation and systems, as part of their validation process.

To ensure trusted transactions, TC Safe PCI-Validated P2PE solution safeguards credit and debit card payments by encrypting all data within a PCI PTS SRED certified device. No clear-text cardholder data is accessible in the device, in transit, or within a merchant’s system. Encrypting at the point of interaction makes sensitive information undecipherable and useless to hackers. By eliminating clear text cardholder data from a merchant’s environment, TC Safe can diminish PCI DSS scope.

TrustCommerce’s approved solutions can be viewed on the PCI SSC P2PE Solutions site:


TrustCommerce is Europay, MasterCard and Visa (EMV) certified with all four card brands. In addition, we are certified for EMV debit transactions.

EMV is a global fraud reduction standard for credit and debit payment cards based on chip card technology. This technology is used to combat fraud and protect sensitive payment data in card-present environments. Chip card technology, or Integrated Circuit Cards (ICC), are standard bank cards that look like traditional cards, but with an embedded chip in addition to the standard magnetic stripe on the back of the card.

Unlike swiping a payment card with a magnetic stripe, EMV uses dynamic authentication that is unique for each transaction. Magnetic stripe transactions use static authentication data which is easy to copy and prone to skimming.

TrustCommerce is certified for the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), a security framework harmonizing requirements of existing standards and regulations, including federal (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC).

TrustCommerce hosts all production equipment in SAS 70 Type II / Statement on Standards for Attestation Engagements (SSAE) 16 SOC 2 and 3 Type II facilities. The review is conducted annually.

Secure Data Centers, Highest Availability

TrustCommerce maintains and achieves only the highest availability, uptime, and reliability standards.

Security and privacy elements are the foundation of all TrustCommerce applications, infrastructure, processing facilities, and corporate operations.

TrustCommerce solutions:

  • Are hosted in independent, active-active and/or active-passive redundant facilities.
  • Have client-and server-side availability switching (fail-over and load-balancing) implemented to ensure maximum product and service availability.
  • Are maintained under a comprehensive system health management system (SHMS) that monitors all mission-critical services, detects and notifies regarding perceived and real anomalies and, in some cases, provides containment services.
  • SHMS notifications are monitored 24×7 by our dedicated operations team.

Want to Learn More?

Submit the form below and a TrustCommerce team member will contact you.

credit card emv payments