What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is the global standard created by the card brands (Visa, Mastercard, American Express, Discover and JCB) that defines the mandatory controls for any business that processes, stores or transmits cardholder data. PCI DSS compliance signals that a merchant applies international best practices to safeguard its customers’ financial information.
How we process your payments
Summa Envíos payment pages embed hosted fields from PayPal Advanced Checkout and Apple Pay. This means card data (number, expiration date, CVV) is sent encrypted directly from your browser to the certified processor, never passing through our servers. Summa Envíos never sees, stores or handles the full PAN or sensitive authentication data.
Independent validation by Viking Cloud and SGS Assurance Card
Summa Envíos’ PCI DSS compliance validation is issued by Viking Cloud, an independent Qualified Security Assessor (QSA) recognized by the PCI Security Standards Council. SGS, one of the world’s largest inspection, verification and certification bodies with a presence in over 140 countries, hosts our Assurance Card, which confirms that the payment implementation has been audited and meets the current requirements of the standard. The seal in the site footer can be inspected and verified in real time.
Additional best practices
Beyond PCI DSS compliance, we apply TLS encryption to all site traffic, strict security headers (HSTS, X-Frame-Options, Content-Security-Policy), nonces for inline scripts, internal access controls and periodic audits. Protecting your financial data is an ongoing responsibility, not an annual checkbox.
Accepted payment methods
We accept Visa, Mastercard and American Express through PayPal Advanced Checkout, as well as Apple Pay on supported devices. All available methods run on PCI DSS Level 1 certified infrastructure, the highest level of the standard.