Being PCI compliant means complying with the Payment Card Industry Data Security Standard (PCI DSS). In other words, you must meet data security requirements set by the Payment Card Industry Security Standards Council. These are rules put in place to protect cardholder data and reduce the risk of fraud and theft.
If you are not PCI compliant and collect credit card information, you may be audited, fined, and/or lose your ability to accept credit card payments.
What does PCI compliance mean for me?
The credit card industry has adopted strict security guidelines defined by the PCI Security Standards Council.
These guidelines are intended to protect your business and website from hacking and identity theft and to ensure that your clients’ credit card information is adequately protected.
Adhering to the strict PCI guidelines protects both your clients and your business. Failing to comply means that liability for a breach is passed on to you.
What do I have to do to be PCI compliant?
Your exact PCI compliance requirements will depend on the size of your business.
Your payment processing company (where you obtained your merchant account), bank, or the credit card brands you do business with will be able to provide your exact requirements.
At a minimum, however, the PCI DSS requires you to:
- Build and maintain a secure network
- Protect cardholder data at all times
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Your website will also have to pass a PCI compliance scan performed by an Approved Scanning Vendor (ASV).
The PCI Security Standards Council provides helpful information on how to become compliant on its website.
Please note: HostPapa is certified as a PCI-compliant eCommerce merchant; however, it is each eCommerce website owner and operator’s responsibility to be PCI compliant. Many PCI requirements pertain to your day-to-day business activities, home or office networks, website and database design, and other items over which HostPapa has no control.
Is it possible to sell online without becoming PCI compliant?
You have two options when selling online:
- Become a PCI-compliant merchant. You must be certified by a third-party certification and security vendor. Due to the nature of shared web hosting – with multiple websites sharing one server – it may be difficult for you to pass third-party certification.
- Use a company that offers PCI-compliant, third-party hosted payment pages, such as PayPal or Google Pay. These services already meet all PCI compliance requirements – by using one of them, you can quickly begin to sell your goods and services online without the hassle of becoming a fully certified PCI-compliant merchant yourself.
Meeting the PCI-compliant merchant requirements can be costly and time-consuming. PayPal’s Website Payments Standard handles sensitive customer information for you, so you can spend your time and resources running your business and serving your customers.
Start accepting payments on your website in minutes by adding the Google Pay (formerly Google Wallet) button. Customers simply click the button to pay you with the cards stored in their Google Pay account. Google takes care of the payment processing and PCI compliance, so you don’t have to.
If you need help with your HostPapa account, please open a support ticket from your dashboard.