Security of Wix's Billing Services and PCI Compliance

The security of our users' sensitive data is of extreme importance to us here at Wix and we are 100% committed to protecting it.

The PCI DSS is an information security standard for organizations or companies that accept credit card payments. This standard helps to create a secure environment by increasing cardholder data, thus reducing credit card fraud.

Wix is Payment Card Industry Data Security Standards (PCI DSS) compliant and is accredited as a Level 1 service provider and merchant. Wix’s PCI DSS compliance is assessed by an external company, and we are audited on a yearly basis in order to align with PCI standards.

Wix PCI applications are running in a dedicated environment - with segregation from other product flows and servers - suitable for the highest PCI standards.

Within our PCI environment, we maintain the highest standard of encryption and storage measures using a FIPS 140-2-certified HSM (Hardware Security Module). Our users’ data at rest encryption utilizes AES-256, the industry’s most broadly used encryption method.

ISO 27001 Compliance
Wix has been audited and certified as ISO 27001 compliant. The ISO 27001 certification outlines industry best practices for managing security risks. 

ISO 27701 Compliance
Wix has been audited and certified as ISO 27701 compliant. The ISO 27701 certification outlines industry best practices for privacy information management.

ISO 27017 Compliance
Wix has been audited and certified as ISO 27017 compliant. The ISO 27017 certification outlines industry best practices for security techniques in a public cloud computing environment.

Wix has been audited and certified as ISO 27018 compliant. The ISO 27018 certification outlines industry best practices for security techniques for PII protection in a public cloud computing environment.

Transport Layer Security (TLS) is a protocol that helps protect your online financial transactions by ensuring secure communication over a network

The PCI Council states that any organization handling payment card transactions must use TLS 1.2 or higher in order to meet PCI DSS compliance standards.

Wix uses Transport Layer Security and does meet PCI DSS compliance standards.
We allow a minimum of TLS 1.2 so that out-of-date devices or browsers can access the website on your domain when they try to view it. At the same time, our sites allow the latest version of TLS for browsers which support it.

Visitors with older browsers may be able to visit your site, however, if their older device protocols don’t meet PCI security standards, they may not be able to complete a transaction.

Click a question below to learn more about Wix's online security.