Larry Ullman's Book Forums

Fuzzy On Pci Compliance


I'm still a little fuzzy on how to become PCI Compliant.


Does this sound right?:


1.  I build my website


2.  I get my website hosted


3.  I call up some PCI-Compliance company and tell them I want my site to be PCI Compliant


4.  The company analyzes my website's code, and analyzes my hosting situation


5.  They give me a "thumbs up" or a "thumbs down" (in which case they tell me what I need to change to get a "thumbs up").


Thanks :)


So here's the FAQ: http://www.pcicomplianceguide.org/pcifaqs.php


And #2 says "PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data." If your company touches the customer's payment information for even a moment, you have to be PCI compliant.


With Stripe, the customer's payment information never hits your server. As long as you use SSL and Stripe.js, your PCI compliance is taken care of. 


If you're not using Stripe, here's what a small- to medium-level business would have to do: http://www.pcicomplianceguide.org/pcifaqs.php#6


You can find approved PCI compliance vendors at http://www.pcicomplianceguide.org/

