Johnny Posted June 15, 2013

I'm still a little fuzzy on how to become PCI compliant. Does this sound right?

1. I build my website.
2. I get my website hosted.
3. I call up some PCI-compliance company and tell them I want my site to be PCI compliant.
4. The company analyzes my website's code and analyzes my hosting situation.
5. They give me a "thumbs up" or a "thumbs down" (in which case they tell me what I need to change to get a "thumbs up").

Thanks
Larry Posted June 17, 2013

Yes, that's the gist of it, except that analysis must be done quarterly. See this: http://www.pcicomplianceguide.org/pcifaqs.php#6
Jonathon Posted June 17, 2013

I'm interested in this. If you want to start something solely online, what steps do you need to take to be OK, and who would these PCI-compliance companies be? Will something like Stripe also remove all onus from you?
Larry Posted June 17, 2013

So here's the FAQ: http://www.pcicomplianceguide.org/pcifaqs.php

And #2 says "PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data." If your company touches the customer's payment information for even a moment, you have to be PCI compliant.

With Stripe, the customer's payment information never hits your server. As long as you use SSL and Stripe.js, your PCI compliance is taken care of.

If you're not using Stripe, here's what a small- to medium-level business would have to do: http://www.pcicomplianceguide.org/pcifaqs.php#6

You can find approved PCI compliance vendors at http://www.pcicomplianceguide.org/
Johnny Posted June 18, 2013

Thank you Larry! You're very helpful! Are there any PCI compliance companies in particular who you'd recommend?
Larry Posted June 18, 2013

No, sorry!
Jonathon Posted June 18, 2013

Thanks Larry