US/Canada(Toll Free): +1 888 587 2278 Europe/UK: +44 (020) 7193 9408 Australia/New Zealand: +61 3 9016 4497 |
US/Canada(Toll Free): +1 888 587 2278 Europe/UK: +44 (020) 7193 9408 Australia/New Zealand: +61 3 9016 4497 |
Having PCI Compliance (Payment Card Industry Compliance) is already a critical requirement for most businesses planning to trade online. In the future it may also become mandatory for all online businesses to have PCI Certification. This is why it is crucial to ensure that your shopping cart software can comply with the standards both now and into the future.
Put simply PCI Compliance is a certificate issued to your business by a security auditor. This PCI auditor looks at your website, shopping cart and hosting service to determine if you are dealing with personal and credit card information appropriately. If you are then the certificate is issued and you are PCI Compliant.
This compliance certificate is used as evidence to your customers, gateway provider and even your bank that your online store is secure.
For most merchants a self assessment is all you will need to do. if you are tkaing over a certain amount of orders then you may need have someone physically audit your site which is a much more expensive proposition.
To ensure your store is PCI Compliant you need to use a PCI Certified gateway. We provide integration to over 200 different payment gateway providers around the world.
Having PCI Certification is advisable in most circumstances but it can take some time and effort to arrange. That's why it's a good idea to find out if it is mandatory for your business.
You DON'T need PCI Certification if:
You MUST have PCI Certification if:
By handling transactions in this way you can easily tick most of the PCI requirements in the audit document provided you are using a PCI certified payment gateway provider.
If using SecurePay Directpay or AuthorizeNet DPM your customers stay on your site throughout the entire checkout process but are able to leverage the secure PCI status of the gateway provider. When you use PayPal the customer is taken to the PayPal site to complete the order and are then returned to your site once payment has been made.
Click here for more information on PCI Compliance and hosted gateways
Click here for a download list of PCI Compatible Gateways
We used to support allowing merchants to take credit cards directly on the merchants site but with the advent of PCI certification requirements have removed these options.
Part of gaining PCI Compliance usually involves a self-assessment questionnaire. To assist VP-ASP customers with answering this questionnaire we have created a guide. You can download this guide below.
Click here to download the PCI Self Assessment Guide
*Successful PCI Certification relies on multiple factors including hosting environment, business practices, configuration and payment gateway provider. Successful PCI compliant deployment of VP-ASP is the sole responsibility of the end user.