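1. PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard that applies to businesses handling payment card data. PrestaShop payment modules (such as PrestaShop Checkout or Stripe) handle sensitive card data off-site, on the payment provider's systems.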
No local storage: Your store’s database never sees or stores full credit card numbers.
Reduced liability: Since the payment provider handles the data, the burden of complex security audits on your store is significantly lower.
2. Mandatory SSL/TLS Encryption
Every modern PrestaShop store operates under HTTPS.
All communication between the user's browser and your server is encrypted.
This prevents "man-in-the-middle" attacks where hackers try to intercept login credentials or payment details during the session.
3. Tokenization Technology
When a customer saves a card for future use, PrestaShop uses tokenization.
The actual card data is stored on the provider's secure servers (e.g., PayPal or Adyen).
Your store receives a unique "token" (a string of random characters) that can only be used by your specific store to trigger a payment. Even if your store were hacked, the tokens are useless to the attacker.
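
A check for the "no local storage" and tokenization points above, as an added example that is not PrestaShop's or any payment module's code: it scans exported database rows for Luhn-valid card-number candidates and reports them masked. The table and column names, token value and rows are constructed for illustration; 4111 1111 1111 1111 is a widely used test card number.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first 6 / last 4 so the finding itself is safe to log."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(rows):
    """Return (row_id, column, masked_pan) for every Luhn-valid candidate."""
    findings = []
    for row_id, columns in rows:
        for column, value in columns.items():
            for m in PAN_CANDIDATE.finditer(str(value)):
                digits = re.sub(r"[ -]", "", m.group())
                if luhn_ok(digits):
                    findings.append((row_id, column, mask(digits)))
    return findings

# Constructed sample rows (hypothetical column names, not a real schema).
SAMPLE_ROWS = [
    # Expected state: only a token and a masked hint are stored.
    (1, {"customer": "a@example.com", "card_token": "tok_9fQ2xLr7Zp0aB3",
         "card_hint": "**** **** **** 1111"}),
    # Failure mode: a debug log captured the full card number.
    (2, {"customer": "b@example.com",
         "debug_log": "gateway payload card=4111 1111 1111 1111 exp=12/30"}),
    # 16-digit order reference that fails Luhn and must not be flagged.
    (3, {"customer": "c@example.com", "order_ref": "1234567890123456"}),
]

if __name__ == "__main__":
    for finding in find_pans(SAMPLE_ROWS):
        print("possible stored PAN:", finding)
```

Any finding means a full card number reached local storage (typically through logs or custom fields), which contradicts the off-site model described above and should be investigated and purged.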