What is PCI Compliance and why is it so important?
Having a PCI Compliance Certificate (Payment Card Industry Compliance) is a critical requirement for any business planning to trade online, because in the near future it may become mandatory for all online businesses to be PCI certified. This is why you need to ensure that your shopping cart software can comply with the standard now and in the future.
To put it simply, PCI Compliance is a certificate issued to your business by a certified security auditor. This PCI auditor looks at your website, shopping cart and hosting service to determine whether you are handling personal and credit card information appropriately. If you are, the certificate is issued and you are PCI Compliant.
This compliance certificate is used as evidence to your customers, gateway provider, and even your bank that your online store is secure.
For most merchants, a self-assessment is all you will need to do. If you are taking over a certain volume of orders, you may need to have someone physically audit your site, which is a much more expensive proposition.
To ensure your store is PCI Compliant you need to use a PCI Certified gateway. You would be delighted to know that we provide integration to over 200 different payment gateway providers around the world.
Do I need PCI Certification?
Having PCI Certification is advisable in most circumstances but it can take some time and effort to arrange. That's why it's a good idea to find out if it is mandatory for your business.
You DON'T need PCI Certification if:
- You are not taking credit card orders on your site
You MUST have PCI Certification if:
- You are taking credit card orders on your site
How do I get PCI Certification?
The Simple Solution: Hosted Gateways
The easiest way to obtain PCI Certification is to use a hosted gateway service such as PayPal, SecurePay Direct Post or Authorize.Net AcceptJS. When you use a hosted gateway, your website never receives any customer credit card information; that data is handled by your provider's systems instead. At the moment of payment, your customer is sent to the provider's website to enter their details and is then returned to your website once the payment is complete.
By handling transactions in this way you can easily tick most of the PCI requirements in the audit document provided you are using a PCI certified payment gateway provider.
If you are using SecurePay Direct Post or Authorize.Net AcceptJS, your customers stay on your site throughout the entire checkout process but are still able to leverage the PCI status of the gateway provider, because the card details are posted directly from the browser to the gateway. When you use PayPal, the customer is taken to the PayPal site to complete the order and then returned to your site once payment has been made.
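The whole point of the hosted-gateway approach above is that the merchant server only ever sees an opaque payment token, never a card number. The following added example (not VP-CART code, and not any gateway's API) shows a server-side guard that detects a raw card number arriving in a checkout POST body, so a mis-integrated form is rejected and logged rather than silently pulling the merchant site into PCI scope. The middleware shape and the token format are assumptions.

```javascript
// Added example: guard a merchant checkout endpoint against raw card data.
// With a hosted gateway or direct-post integration the server should receive
// only a token, so any PAN-looking value in the request body is a defect.

// Luhn checksum: real card numbers pass it, most random digit strings do not.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// A value "looks like a PAN" if, with spaces and dashes removed, it is 13-19
// digits and passes Luhn. Opaque gateway tokens contain letters and never match.
function looksLikePan(value) {
  const digits = String(value).replace(/[\s-]/g, "");
  return /^\d{13,19}$/.test(digits) && luhnValid(digits);
}

// Scan every field of a parsed POST body; return the names of offending fields.
function findPanFields(body) {
  return Object.keys(body).filter((name) => looksLikePan(body[name]));
}

// Express-style middleware (hypothetical handler shape): reject and log instead
// of processing, so raw card data never enters the merchant application.
function rejectRawCardData(req, res, next) {
  const offending = findPanFields(req.body || {});
  if (offending.length > 0) {
    console.error("raw card data rejected in fields:", offending.join(","));
    return res.status(400).end("card data must be sent to the gateway");
  }
  next();
}

// Constructed sample bodies: a correct token-only checkout and a broken one.
const tokenOnly = { order_id: "A1001", payment_token: "tok_constructed_9f8e7d6c" };
const rawCard = { order_id: "A1001", card_number: "4111 1111 1111 1111", cvv: "123" };
```

Logging the offending field name (never the value) gives the operations team a signal that the checkout page is posting card data to the wrong place.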
We have partnered with TrustGuard to offer PCI scanning to our customers.
Having dealt with a variety of PCI Scanning Vendors, we can highly recommend TrustGuard to perform accurate and informative scans.
Click the link below to learn more about TrustGuard:
We used to support allowing merchants to take credit cards directly on their own site, but with the advent of PCI certification this option has been removed.
PCI Self Assessment Questionnaire
Part of gaining PCI Compliance usually involves a self-assessment questionnaire. To assist VP-CART customers with answering this questionnaire we have created a guide. You can download this guide below.
*Successful PCI Certification relies on multiple factors including hosting environment, business practices, configuration, and payment gateway provider. Successful PCI compliant deployment of VP-CART is the sole responsibility of the end user.