The protection of your customers' credit card transactions and confidential information is our highest priority. That's why GiftTool's enterprise-strength security is backed by the latest encryption technology, ensuring that credit card payments are 100% secure before, during, and after each and every transaction.
GiftTool operates under security best practices and undergoes ongoing routine assessments to ensure the highest quality compliance standards are met to protect client data.
PCI DSS Compliant
GiftTool is compliant with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is the payment card industry security requirement for entities that process or transmit cardholder data, and has been endorsed by all the major card brands, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
PCI compliance means that the processes, procedures, network configuration and overall environment of the GiftTool platform have met the stringent guidelines set by the PCI Security Standards Council to protect consumer information and prevent identity theft.
Trustwave is the third-party security assessment vendor used by GiftTool to confirm that GiftTool is compliant with PCI DSS security requirements. GiftTool has been deemed compliant based upon information provided regarding our policies, procedures, and technical systems that process or transmit cardholder data and the Trustwave's TrustKeeper scan of those systems. To retain PCI DSS compliance, GiftTool is required to successfully pass ongoing quarterly vulnerability scans for these systems. In addition, GiftTool must continually identify and provide TrustWave with information regarding any new system that processes or transmits cardholder data, so that this system can be scanned as part of the compliance program.
We encode every transaction using SSL/TLS strong encryption. Your customers' personal and financial information is encrypted before it leaves their computer, throughout the transaction. GiftTool uses the Secure Socket Layer (SSL) Certificates of DigiCert, a leading global Certification Authority. Their certificate means that we are who we say we are and that your secure data transmissions will not be decrypted.