What is PCI compliance?
According to pcicomplianceguide.org, the Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
What does this mean for you?
If you are a business that sells goods online and processes payments, then PCI compliance is a very important item you should know about, and you must remain in compliance where required. Any time a credit card transaction takes place via a website, there are conditions that require your site to be PCI compliant. This means your server, website, and processes may be subject to a set of standards based on the volume of transactions you process and how you process them. Depending on your business and how your site is built, you may fall into a particular category or level of compliance. You can find out which level you are required to adhere to by completing a Self Assessment.
More information on the Self Assessment can be found at the following link:
Here at Triskel Creative we build all websites on the WordPress platform. The plugin used for building an e-commerce store is WooCommerce. There are options within this e-commerce tool that do not require PCI compliance, such as using PayPal Standard or Stripe to process credit card payments. The difference with these types of payment processors is that the transaction and data storage are not handled within the website itself, so they fall outside the requirements for compliance. However, other payment gateway integrations that provide a seamless checkout by processing payments within the site do require PCI compliance.
Triskel Creative can accommodate either path, payment gateways that require compliance or those that do not; however, the cost of a compliant server and website increases substantially because of the work involved in making it compliant.
Learn more about WooCommerce and PCI Compliance at the following link:
As the owner of the website, you will be accountable for keeping the site compliant and will incur ongoing work to maintain this compliance. One item in particular that is important for you to know is that it is the owner's responsibility to submit the information needed to remain in compliance, by working with your payment processor and possibly by engaging the services of a third-party Approved Scanning Vendor. As the website builder and hosting provider, Triskel cannot perform some of those tasks, because PCI standards require an independent party to conduct those audits.
PCI compliance is not an easy task to undertake, and many smaller businesses or individuals may not have the budget for it. Other options are available for those who cannot or do not want to take on the initial compliance approval and the ongoing work involved. Contact Triskel to discuss your options further and we will advise you on the best approach, even if that means not retaining the services of Triskel Creative, so you end up with the best solution for your business.