Larry Ullman's Book Forums

Fuzzy On Pci Compliance



I'm still a little fuzzy on how to become PCI Compliant.

 

Does this sound right?:

 

1.  I build my website

 

2.  I get my website hosted

 

3.  I call up some PCI-Compliance company and tell them I want my site to be PCI Compliant

 

4.  The company analyzes my website's code, and analyzes my hosting situation

 

5.  They give me a "thumbs up" or a "thumbs down" (in which case they tell me what I need to change to get a "thumbs up").

 

Thanks :)


I'm interested in this. If you want to start something solely online, what steps do you need to take to be OK, and who would these PCI-Compliance companies be?

 

Will something like Stripe also remove all onus on you?


So here's the FAQ: http://www.pcicomplianceguide.org/pcifaqs.php

 

And #2 says "PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data." If your company touches the customer's payment information for even a moment, you have to be PCI compliant.

 

With Stripe, the customer's payment information never hits your server. As long as you use SSL and Stripe.js, your PCI compliance is taken care of. 

 

If you're not using Stripe, here's what a small- to medium-level business would have to do: http://www.pcicomplianceguide.org/pcifaqs.php#6

 

You can find approved PCI compliance vendors at http://www.pcicomplianceguide.org/

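The scope point in the reply above (card data that never reaches your server keeps that server out of PCI scope) is easier to see in code. The following is an added example, not code from the thread, from Larry Ullman's book or from Stripe. It assumes the legacy Stripe.js v1 API in use at the time of this thread (`Stripe.card.createToken(params, callback)`, callback receiving `(status, response)` with `response.id` as the token) and a merchant endpoint that only ever expects a `stripeToken` field; the field names `orderId`, `cc` and the fake token value are made up for illustration. The Stripe object is passed in so the browser half can be exercised offline with a stand-in.

```javascript
// Added example (not from the thread, the book or Stripe). Two halves:
//  1. browser side: hand the card fields to Stripe.js, get back an opaque
//     token, and POST only the token (plus an order reference) to your site;
//  2. server side: a guard that detects a raw card number (PAN) in a request
//     body, so you can check that the integration really keeps card data
//     off your server, its logs and its database.

// --- 1. Browser side -------------------------------------------------------
// `stripe` is the Stripe.js v1 global (assumption: legacy
// Stripe.card.createToken(params, callback) API). Injected rather than
// referenced globally so the function can be tested without a browser.
function tokenizeCard(stripe, cardFields, onToken, onError) {
  stripe.card.createToken(
    {
      number: cardFields.number,
      cvc: cardFields.cvc,
      exp_month: cardFields.expMonth,
      exp_year: cardFields.expYear,
    },
    function (status, response) {
      if (response.error) {
        onError(response.error.message);
        return;
      }
      // Only the token and an order reference go to the merchant server.
      // The amount is looked up server-side from the order, never trusted
      // from the client. The card fields are not in this object at all.
      onToken({ stripeToken: response.id, orderId: cardFields.orderId });
    }
  );
}

// --- 2. Server side --------------------------------------------------------
// Luhn check digit algorithm, as used for card numbers.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Names of request fields whose value looks like a PAN: 13-19 digits
// (after stripping spaces and dashes) that pass Luhn. A long numeric
// order number can collide with this, so treat a hit as "investigate",
// not "certainly a card".
function findPanFields(body) {
  const hits = [];
  for (const [name, value] of Object.entries(body)) {
    const digits = String(value).replace(/[\s-]/g, '');
    if (/^\d{13,19}$/.test(digits) && luhnValid(digits)) hits.push(name);
  }
  return hits;
}

// Run this before any handler, logger or database write. A request carrying
// a PAN would pull the server into PCI scope, so refuse it outright rather
// than processing it; Stripe tokens start with "tok_".
function acceptPayment(body) {
  const pan = findPanFields(body);
  if (pan.length) {
    return { ok: false, reason: 'raw card data in fields: ' + pan.join(', ') };
  }
  if (typeof body.stripeToken !== 'string' || !/^tok_[A-Za-z0-9]+$/.test(body.stripeToken)) {
    return { ok: false, reason: 'missing or malformed Stripe token' };
  }
  return { ok: true, token: body.stripeToken, orderId: body.orderId };
}
```

The guard is a self-check, not a substitute for getting the form right: a `<form>` that posts card fields to your own URL before Stripe.js runs (for example when JavaScript is disabled and the fallback submits normally) puts the card number on your server, and `acceptPayment` will tell you so by rejecting the request. Serve the page over HTTPS as the reply says; the token only protects the card data if the page that loads Stripe.js cannot be tampered with in transit.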
