Enterprise-grade payment security for Shopify merchants
CartDNA helps you optimise payments whilst keeping sensitive cardholder data within secure, certified payment environments.
No PAN/CVV data stored in CartDNA
Nabeyond Ltd, trading as CartDNA, is fully PCI DSS compliant. Annual reviews and controls are in place.
No Cardholder Data Storage
CartDNA does not host or store raw cardholder data. All sensitive payment information remains within certified payment environments.
Fully PCI DSS Compliant
Nabeyond Ltd, trading as CartDNA, completes annual PCI reviews with strict security controls and validation.
Shopify Level 1 Security
Shopify is PCI DSS Level 1 compliant by default, providing enterprise-grade security for all shops.
Tokenised Payment Flows
Sensitive data remains within secure payment environments. CartDNA works only with tokenised references.
Onsite Card Payment Support
Some processor flows require compliance checks and review. CartDNA maintains required certifications.
Merchant Compliance Guidance
Clear guidance for manual entry and internal handling to help merchants follow secure payment practices.
How CartDNA keeps payment data secure
- CartDNA app layer works only with secure APIs and tokenised references
- Shopify Secure Checkout handles all sensitive payment data input
- Approved processor integrations maintain PCI DSS compliance
- Tokenisation replaces card numbers with secure references
- No storage of sensitive card details, CVV codes, or full credentials
Payment Data Flow
🔒 Raw card data never touches CartDNA systems
PCI DSS compliance across online and onsite payment flows
CartDNA and Shopify work together to deliver enterprise-grade security and compliance for all payment operations.
CartDNA Compliance
- Fully PCI DSS compliant
- Annual reviews completed
- Security controls documented
- Infrastructure continuously monitored
Shopify Platform Compliance
- Level 1 PCI DSS certified
- Checkout covered by default
- Hosting and basket protected
- Enterprise-grade infrastructure
Onsite Card Payment Support
- Supported on some flows
- Processor dependent
- Annual validation required
- Certified payment handling
Merchant Responsibilities
- Don't write down cards
- Follow SAQ requirements
- Protect staff access
- Use official Shopify tools
“CartDNA does not host or store sensitive cardholder data. Sensitive payment data remains within Shopify and approved payment processors.”
What this means for your business
Lower compliance exposure
Reduced risk by not storing sensitive payment data
Stronger trust
Enterprise-grade security builds customer trust
Safer global scaling
Expand internationally with secure infrastructure
Secure onsite options
Support physical locations with certified card readers
Better audit readiness
Clear compliance documentation and monitoring
Merchant responsibilities for payment security
Whilst Shopify and CartDNA provide secure infrastructure, merchants must follow safe payment practices to protect customers and businesses alike.
Maintaining strong internal security practices helps ensure that sensitive payment information remains protected throughout the entire payment process, from customer input to final processing.
Security Checklist
Frequently asked questions
Does CartDNA store cardholder data?
No. CartDNA does not host or store sensitive cardholder information including credit card numbers, CVV codes, or full payment credentials. All payment processing occurs within Shopify and authorised payment processors, with CartDNA interacting only with secure APIs and tokenised payment references.
Is CartDNA PCI DSS compliant?
Yes. Nabeyond Ltd, trading as CartDNA, is fully PCI DSS compliant. The platform undergoes annual PCI compliance reviews, follows strict security controls, and maintains continuous infrastructure monitoring to meet required security standards for payment-related systems.
What does Shopify Level 1 PCI DSS mean?
Shopify is certified PCI DSS Level 1 compliant, the highest level of security certification for organisations handling card transactions. This covers Shopify-hosted infrastructure, checkout pages, payment processing systems, tokenised card data storage, and secure payment gateway integrations.
What are merchant responsibilities for payment security?
Merchants must never store customer card numbers, must avoid writing down card details, must secure staff access to payment systems, and must follow Shopify payment handling guidelines. Merchants manually entering card details must follow proper PCI security procedures.
How do onsite card payment flows remain compliant?
CartDNA supports certain onsite payment capabilities for partner processors whilst maintaining PCI DSS compliance through annual reviews, secure handling of payment-related systems, and continuous monitoring of infrastructure security. Shopify POS uses certified card readers with EMV chip security and encrypted cardholder data.
Ready to improve payment performance without adding security risk?
Speak to our team about how CartDNA can help your Shopify shop scale securely