Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council.

SQUARE/ZOHO Payment Processor

Privacy and Security

Square’s approach to security is designed to protect both merchants and their customers. Read about how we keep you and your information safe.

Security at Square

To protect Square account holders and their customers, all information our customers submit is encrypted to our servers, regardless of whether you’re using a public or private WiFi connection or a data service on your phone (such as 3G, 4G or EDGE). Square complies with all required PCI standards. As per our Terms, Security Policy and Privacy Policy, we will never sell information to third party vendors.

Square protects its systems with industry-leading technology and security controls, including:

  • Square performs data encryption within the card reader at the moment of swipe.

  • Square’s software is developed using industry-standard security best practices.

  • Square’s servers are monitored around the clock by dedicated security staff.

  • Square’s employees act in accordance with security policies designed to keep your data safe.

ZOHO Payment Processor

Compliance at Zoho


ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO's high global standards. Zoho has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes

Applicable to- All cloud services and on-premise products of Zoho, ManageEngine, Site24x7, WebNMS and GSP Solution

ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services.

Zoho is certified with ISO/IEC 27017:2015 - Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

Applicable to- All Cloud services of Zoho, Manage Engine and Site24x7 .

ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures on safeguarding the PII that is processed in a public cloud. These controls are an extension of ISO/IEC 27001 and ISO/IEC 27002, ISO/IEC 27018 which provide guidance to organizations concerned about how their cloud providers are handing personally identifiable information (PII).

Applicable to- All Cloud services of Zoho, Manage Engine and Site24x7.

Zoho is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria.

Applicable to- All cloud services and on-premise products of Zoho, ManageEngine, Site24x7, WebNMS and GSP Solution

Payment card industry (PCI) compliance refers to the technical and operational standards that businesses must follow to ensure that credit card data provided by cardholders is protected. PCI compliance is enforced by the PCI Standards Council, to ensure that all businesses that store, process or transmit credit card data electronically do so in a secure manner that helps reduce the likelihood that cardholders would have sensitive financial data stolen.

Zoho, being PCI compliant, consistently adheres to a set of guidelines set forth by companies that issue credit cards.

Applicable to- All the Zoho finance Plus products (ie) Zoho Books,Zoho Invoice,Zoho Inventory, Zoho Subscription, Zoho Expense, Zoho Checkout and Zoho Commerce

Last updated