
🔒 PhonePe Security Policies & Guarantees
From PhonePe’s own documents:
- PCI-DSS Compliance
  - PhonePe PG (Payment Gateway) is PCI-DSS compliant. (developer.phonepe.com)
  - Card details (such as the CVV) and passwords are never stored insecurely; sensitive data is handled by PhonePe only. (cms.phonepe.com)
- Tokenization & Encryption
  - PhonePe introduced Device Tokenization for card transactions, which avoids storing actual card details on merchant sites. (FF News | Fintech Finance)
  - Standard encryption and security protocols (TLS, etc.) protect communication. (PhonePe)
- User Authentication & Verification
  - A UPI PIN, MPIN, or password is required for transactions. (cms.phonepe.com)
  - OTP or device verification is required for new logins or high-risk activity. (PhonePe)
- Real-time Monitoring & Fraud Detection
- Legal & Regulatory Compliance
  - PhonePe is certified under ISO/IEC standards and complies with data-security and financial regulation in India. (cms.phonepe.com)
  - Escrow account handling and settlement practices are registered and operate under RBI / regulatory oversight. (PhonePe)
🛡️ WooCommerce Expectations & Best Practices
When you use WooCommerce with any payment gateway (PhonePe included), following best practices ensures safety and compliance:
- PCI-DSS Scope
  - If the gateway is hosted (i.e. sensitive card data is handled by PhonePe), your store may have a reduced compliance burden, but many PCI requirements still apply (e.g. TLS/SSL, a securely configured server). (WooCommerce)
- SSL / HTTPS
  - A TLS/SSL certificate must be installed. Checkout, login, and all other “sensitive” pages must run over HTTPS. (Hostinger)
- Don’t Store Raw Payment Info
  - Your site should never store credit card numbers or CVVs. Use tokenization or a redirect/hosted checkout model. WooCommerce emphasises that credit card information should not be stored unless you use a vault/tokenization feature of a compliant gateway. (woo.zendesk.com)
- Updates and Patching
  - Keep WordPress, WooCommerce, the theme, and all plugins updated; any unpatched vulnerability is a risk. (DevProvider)
- Strong Authentication
  - Use strong passwords, limit login attempts, and enable Two-Factor Authentication (2FA) for admin and other privileged users. (TheCommerceShop)
- Backups and Monitoring
  - Take regular backups, run malware scans, and use a web application firewall (WAF). Also monitor logs and admin activity. (Hostinger)
- Privacy & Data Handling
  - Customer data (billing, contact) must be stored securely, with access restricted, and handled per local data protection laws. (WooCommerce)
Payment Security & Safety Policy (“PhonePe + Shahi Herbal”)
1. Introduction
We accept payments via PhonePe Payment Gateway. Ensuring your financial and personal data is safe is our top priority.
2. How Payment Processing Works
- All transaction data (UPI PIN, card number, etc.) is handled by PhonePe’s Secure Checkout Page, not stored on our servers.
- Payment methods include UPI, credit/debit cards, net banking, etc.
3. Compliance & Encryption
- PhonePe is PCI-DSS compliant.
- Your card details are tokenized if saved for future payments (no raw card or CVV info saved).
- Communications during checkout are encrypted via TLS/SSL.
4. Fraud Prevention & Monitoring
- We monitor orders for suspicious patterns (e.g. large orders, mismatched billing/shipping address).
- Any fraudulent or suspicious transaction will be flagged, investigated, and acted upon (refund or cancellation).
5. Authentication & Account Safety
- New devices require OTP / verification.
- Keep your account credentials (PhonePe, WooCommerce login) secure. Never share your OTP, password, or CVV.
6. Secure Checkout Page
- Checkout and “my account” pages use HTTPS.
- SSL certificate is active on the site.
7. Data Privacy
- We store only necessary customer data (name, address, email, phone) for order processing.
- We do not store sensitive payment info.
8. Support & Dispute Redressal
- If you suspect an unauthorized transaction, contact our support promptly.
- We follow PhonePe’s refund / cancellation policy.
9. Updates and Continuous Improvement
- Our system (WordPress, WooCommerce, plugins) is kept updated.
- We run security audits, backups, and maintain firewall / malware protection.
