PCI Security Standards Council

PCI Compliance and Security

Shift4Shop operates within a PCI DSS-compliant environment and undergoes annual compliance assessments as part of our security program.

Our platform is designed to support secure e-commerce transactions while helping merchants operate on infrastructure that is assessed against current PCI DSS standards.

For the latest compliance documentation and security resources, please visit Shift4 Security Corner.

How Shift4Shop Handles Payment Data

Shift4Shop transmits payment data to the applicable payment gateway for authorization and settlement, and does not store cardholder data in the Shift4Shop data environment.

This means merchants using Shift4Shop benefit from a platform that operates in a PCI-assessed environment and relies on supported payment gateways to process transactions securely.

What This Means for Merchants

Shift4Shop supports a defined set of payment gateway integrations, and the merchant’s PCI scope may vary depending on the supported gateway and payment flow used.

In other words, while Shift4Shop itself operates within a PCI-compliant environment, the merchant’s PCI requirements can vary depending on the gateway configuration in use.

Annual Compliance

Shift4Shop’s PCI compliance is reviewed and renewed on a recurring basis.

For the latest attestation and related security documentation, please refer to Shift4 Security Corner.

Security Commitment

Security is a core part of how Shift4Shop operates. We continuously maintain our e-commerce environment to support secure online transactions and align with the broader Shift4 security and compliance posture.