Friday 24 April 2015

To whom does PCI compliance need to apply?

To whom does PCI compliance need to apply


Question: To whom does PCI compliance need to apply? If I am only processing the Credit card detail, do i need still to apply for PCI Compliance?

If you are accept credit card/debit card on your website, you need PCI compliance.
If your customer is entering card/debit card on your website, you need PCI compliance.
Because you are processing the credit card, whether you are storing OR not, but you need PCI compliance.

Full form of PCI is Payment Card Industry Data Security Standards (PCI DSS).

Reading PCI Compliance.
Link 1: https://www.pcicomplianceguide.org/pci-faqs-2/#2
Search with : "To whom does PCI apply"

Link 2: https://developer.paypal.com/docs/integration/direct/accept-credit-cards/
Search with "All merchants who accept, store, transmit"


If you are using "embed code"/"mini browser"/"redirect to third party" where customer entered the credit card details (its not your website), means customer is not entering cc details on your website, then you don't need PCI Compliance.


For more information on PCI compliance.

https://www.pcicomplianceguide.org/pci-faqs-2/