PCI Scan Vulnerability - Cookie Does Not Contain The "secure" Attribute

CykadasLLC
New Member
1 0 0

Hello Community!

 

My payment gateway (Authorize.Net) ran a PCI scan on my Shopify store and the results said "Cookie Does Not Contain The "secure" Attribute".

CykadasLLC_0-1603141559612.png

I tried to talk to shopify support but they say they are PCI compliant...

 

how can I fix this issue?

 

Please HELP!

 

Best to all of you!

0 Likes
PCI-Shawn
Shopify Staff
Shopify Staff
3 0 0

Hi CykadasLLC!

All ASV scanning companies return different results when scanning Shopify stores.    This finding should be reported to the ASV scanning company as a false positive via their false positive or findings dispute process.  (It also varies with each ASV company!)

You will need to provide the following explanation with the false positive report:  

These cookies are not related to session management and unrelated to the security of cardholder data.

Shawn | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

0 Likes