• Reporting a security issue
• FoxyCart's PCI Attestation of Compliance (AOC) prepared by our QSA, available by request.

FoxyCart is currently a Level 1 Service Provider. This means that our systems are secured at the highest standards of PCI DSS.

You can verify our status at:

• Visa's Global Registry of Service Providers (searchable site)
• MasterCard's PCI Compliant Service Provider List (PDF)

How PCI relates to your store will be determined by your unique set up. By using FoxyCart, we do take on at least some of the compliance requirements as it relates to your online store. For an in depth summary of the different areas of PCI compliance, what level might relate to you, and what to do if someone is telling you that you need to pay to be compliant, check out our overview of what it is, and what it means to you.

If you need a blurb for your customer-facing marketing or policies, feel free to use this (if indeed you aren't accepting cardholder data except via FoxyCart):

​Cardholder Data Security Policies:​
In order to minimize the risk of security incidents, we fully outsource all payment processing to FoxyCart.com. FoxyCart is PCI DSS (Payment Card Industry Data Security Standard) Compliant as a Level 1 Service Provider, and is listed on both Visa and MasterCard's global registries. Anytime you submit payment information via our website, you are submitting through FoxyCart's secure infrastructure. If you opt to save your payment information during checkout, that information is stored at FoxyCart. We don't have access to your payment details except for the last 4 digits, the card type, and the expiration date.