Update on Victory Passport

December 19, 2013 by Zac Moffatt

Victory Passport has complied with industry security standards and does not store credit card data.  Financial data is never stored on any WP Engine site. Any financial data that is passed through WP Engine servers is  transmitted via an encrypted SSL channel.

Victory Passport employs the industry standard three-legged OAuth in place for all user and client interactions with user data of any form.

PCI compliance does not apply to data stored in volatile memory. It never has, and any claim to the contrary only demonstrates a lack of understanding about PCI.

Further, any payment processor has a services-based architecture where the client posts back to their own server and then makes a secure (SSL) server-to-server API call (RESTful) to process the payment.

Tomas Puig, Head of Marketing and Communications at WP Engine stated “We have confirmed through a system scan today that at no point does the credit card information reside on our servers.”