What is PCI Compliance and why is it so important?

Having PCI Compliance (Payment Card Industry Compliance) is already a critical requirement for most businesses planning to trade online. In the future it may also become mandatory for all online businesses to have PCI Certification. This is why it is crucial to ensure that your shopping cart software can comply with the standards both now and into the future.

Put simply PCI Compliance is a certificate issued to your business by a security auditor. This PCI auditor looks at your website, shopping cart and hosting service to determine if you are dealing with personal and credit card information appropriately. If you are then the certificate is issued and you are PCI Compliant.

This compliance certificate is used as evidence to your customers, gateway provider and even your bank that your online store is secure.

Naturally our latest version of VP-ASP (v7.0) can be deployed as PCI Compliant and all future versions and upgrades will be PCI Compatible as well.*

Do I need PCI Certification?

Having PCI Certification is advisable in most circumstances but it can take some time and effort to arrange. That's why it's a good idea to find out if it is mandatory for your business.

You DON'T need PCI Certification if:

• You are not taking credit card orders on your site

You MUST have PCI Certification if:

• Your gateway provider demands it (ask your provider)
• Your merchant provider or bank demands it (ask your provider)

NOTE: Depending on the amount of revenue your business generates PCI Compliance may be a mandatory for obtaining a merchant facility from your bank.

How do I get PCI Certification?

The Simple Solution: Hosted Gateways

The easiest way to obtain PCI Certification is to utilise a hosted gateway service such as Paypal or Authorise.net SIM. When you use a hosted gateway your website does not receive any customer credit card information and this data is, instead, handled by your provider's website. At the moment of payment your customer is sent to the provider's website to enter their details and then back to your website once the payment is complete.

By handling transactions in this way you can easily tick most of the PCI requirements in the audit document provided you are using a PCI certified payment gateway provider.

The downside is that customers must leave your site briefly when making payment.

Click here for more information on PCI Compliance and hosted gateways
Click here for a download list of PCI Compatible Gateways

The Customised Solution: Integrated Gateways

For some businesses integrated gateways are the preferred solution. With an integrated gateway all transactions are handled within your website. As such your website needs to adhere to far stricter standards.

Integrated gateways are often preferred by businesses who do not want to send customers away to a provider's website during the transaction process. The downside is that it is harder to gain PCI Compliance.

Click here for more information on PCI Compliance and integrated gateways
Click here for a download list of PCI Compatible Gateways

PCI Self Assessment Questionnaire

Part of gaining PCI Compliance usually involves a self-assessment questionnaire. To assist VP-ASP customers with answering this questionnaire we have created a guide. You can download this guide below.

Click here to download the PCI Self Assessment Guide

*Successful PCI Certification relies on multiple factors including hosting environment, business practices, configuration and payment gateway provider. Successful PCI compliant deployment of VP-ASP is the sole responsibility of the end user.