Our highest priority is keeping your information safe as you shop with us. Behind the scenes, our security team works hard to protect customers. Here’s a glimpse of what they do:
- 3D Secure (3DS) payment verification
- Enhanced 256-bit encryption with tokenization
- Commitment to personal privacy
3DS Secure (3DS) payment verification
We use 3DS for extra fraud protection to keep your card information safe.
To make a payment, you’re required to complete an additional verification step with the card issuer. You’ll be redirected to an authentication page on your bank’s website and may be asked to enter a password associated with the card or a code sent to your phone.
If your credit card and/or debit card has been declined, we recommend contacting the card issuer to verify your card is able to undergo 3DS verification. When contacting the card issuer, be specific as possible and mention the following:
- You're using the card for an online purchase.
- You're purchasing from a company located in the United States of America.
- iHerb uses 3D Secure (3DS) payment verification.
- Ask if the card or the card issuer is able to undergo the 3DS verification process.
Enhanced 256-bit encryption with tokenization
Simply put, "tokenization" means we only store the last 4 digits and the expiration date of your credit cards. That way, you know which card you’re using but the information is safe from unauthorized access, use, and disclosure.
All personal information entered on our website (such as a credit card number), is protected with the best encryption protocol in the industry: Transport Layer Security (TLS/SSL). We also comply with Payment Card Industry Data Security Standards (PCI DSS) for the secure processing of credit and debit card transactions.
Commitment to personal privacy
We put your privacy first. Since our founding in 1996, we have never sold or leased any customer information to third parties. Your personal information remains entirely confidential.
Wherever you are, iHerb is committed to maintaining compliance with global privacy regulations, including GDPR and CCPA.