Security Controls Statement

At TSUNAMI.STORE, protecting the privacy and security of our customers is a priority. We implement a range of technical and administrative safeguards designed to help protect the information shared through our website. These security controls are intended to support a safe browsing and shopping experience while maintaining the integrity of our systems.

Explore the Wave

Tsunami, a brand of Global Motion Holdings LLC, safeguards your personal and payment information through industry-standard security controls and best practices.

1. Secure Payment Processing

  • No card data stored on our servers – All transactions are routed to Clover, the payment platform owned by Fiserv.
  • Point-to-Point Encryption (P2PE) – Payment data is encrypted the instant it is keyed, tapped, or swiped, preventing exposure in transit or at rest.
  • Tokenization – Card numbers are replaced with non-usable tokens, further reducing risk.
  • PCI DSS compliance – Clover is fully certified (including PCI DSS v4.0), keeping cardholder data protections up to date.

2. Encryption and Data Protection

  • TLS 1.2+ – All traffic between your browser, Tsunami servers, and Clover endpoints is encrypted with modern TLS ciphers.
  • No full cardholder data retained – Only secure token references are stored within Clover systems.

3. Continuous Security Oversight

  • 24/7 monitoring – Clover employs antivirus, intrusion detection, and real-time fraud analytics.
  • Merchant tools – Security Score dashboards, Rapid Comply PCI questionnaires, and breach-response support are available through Clover Security Plus.

4. Scope Reduction & Liability Protection

  • Reduced PCI scope – P2PE and tokenization mean Tsunami’s own environment never touches sensitive card data, minimizing compliance burden.
  • Breach liability waiver – Clover provides up to US $100,000 per location in covered breach incidents.

5. Operational Integrity

  • Global PCI DSS alignment – Clover systems meet or exceed PCI DSS v4.0 requirements.
  • Strong cipher suites – All payment endpoints adhere to PCI-approved TLS standards for secure communications.

Conclusion

Your payment information is handled exclusively by a fully PCI DSS-compliant platform (Clover by Fiserv) featuring P2PE encryption, tokenization, secure transmission, continuous monitoring, and breach-response coverage. Tsunami never stores full card data, ensuring your transactions remain as secure as possible.

Contact

Questions about our security practices or Clover’s compliance? Please reach out via the Contact Us page