Published in DomainRooster

Maintaining PCI compliance

The Payment Card Industry Security Standards Council establishes the Payment Card Industry Data Security Standard (PCI DSS, or PCI for short) to protect credit card data. PCI compliance is required of any entity that transmits, processes, or stores credit card information.

Hosting allows you to create a website and showcase your products. If you’d rather not have credit card information stored on your own server, you can use a third-party service to handle payment processing (for example: PayPal Checkout, Square Online Checkout and Stripe Checkout). Even then, to keep your company PCI compliant, you should be aware of any requirements that still apply to you.

If you prefer to accept payments directly on your site, we offer PCI-certified products like Managed WordPress Ecommerce Hosting. PCI compliance is a joint effort: when you use one of our PCI-certified solutions, we design our processes and systems to protect your customers’ credit card information, and we rely on you to protect your account.

WooCommerce on Managed WordPress

WooCommerce is a plugin for Managed WordPress that lets your site accept payments by integrating with external payment processing systems. Customers’ credit card data is stored securely on your site, and only a small amount of code is needed. Because you decide which plugins are enabled for your account, you must take some extra measures to ensure PCI compliance.

Payment Implementation
  • Install only the WooCommerce payment plugin. Alternative payment plugins may be available, but we certify only the WooCommerce plugin.
  • Add no functionality or code that handles credit card information. We cannot certify any bespoke payment mechanism that has been introduced to a server.
  • Keep your plugins updated (apply updates within 30 days).

User Management
  • Give each user a distinct ID and use strong passwords.
  • Group, shared, or generic IDs or passwords are not permitted.
  • Remove users when they should no longer have access.

Paper (non-digital) Records

Service Provider Compliance

Incident Response Plan

  • Submit PCI Self-Assessment Questionnaire A (PCI SAQ-A) with your processor (WooCommerce Payments, Stripe, PayPal, Square, Klarna or PayFast).

Note: If you accept payments over the phone, you may be subject to additional requirements for securing your phone systems and the computers used by your call center agents.

If you have additional questions, please work with your bank or contact a Qualified Security Assessor (QSA).

More info

Domain Rooster is one of the world’s best services platform for entrepreneurs around the globe. We’re on a mission to empower our worldwide community of customers — and entrepreneurs everywhere — by giving them all the help and tools they need to grow online. www.domainrooster.us

Originally published at http://domainrooster.blog on October 23, 2022.

Dean J.

Dean Jones has over 20 years of experience in technical, managerial, and leadership roles, guiding brands into new periods of innovation and worldwide expansion.