Yes, Winc is required to implement and operate a comprehensive set of security controls that are described in the PCI-DSS standard. This standard applies to all e-commerce organisations that process customer credit card payments electronically.
Winc is required to have governance, audit and compliance processes of a sufficient maturity-level to assess the PCI security controls and must submit an annual PCI-DSS "Attestation of Compliance" to our Bank for independent validation.

Please note Winc does not store or record your credit card details. In the event of unauthorised use of your credit card, you must notify your credit card provider in accordance with its reporting rules and procedures.