What is PCI Compliance and why is it so important?

Having PCI Compliance (Payment Card Industry Compliance) is already a critical requirement for most businesses planning to trade online. In the future it may also become mandatory for all online businesses to have PCI Certification. This is why it is crucial to ensure that your shopping cart software can comply with the standards both now and into the future.

Put simply PCI Compliance is a certificate issued to your business by a security auditor. This PCI auditor looks at your website, shopping cart and hosting service to determine if you are dealing with personal and credit card information appropriately. If you are then the certificate is issued and you are PCI Compliant.

This compliance certificate is used as evidence to your customers, gateway provider and even your bank that your online store is secure.

For most merchants a self assessment is all you will need to do. if you are tkaing over a certain amount of orders then you may need have someone physically audit your site which is a much more expensive proposition.

To ensure your store is PCI Compliant you need to use a PCI Certified gateway. We provide integration to over 200 different payment gateway providers around the world.

We have also recently partnered with CRE Secure to allow you to take credit cards on your site and remain PCI Compliant.

Do I need PCI Certification?

Having PCI Certification is advisable in most circumstances but it can take some time and effort to arrange. That's why it's a good idea to find out if it is mandatory for your business.

You DON'T need PCI Certification if:

• You are not taking credit card orders on your site

You MUST have PCI Certification if:

• You are taking credit card orders on your site

How do I get PCI Certification?

The Simple Solution: Hosted Gateways

The easiest way to obtain PCI Certification is to utilise a hosted gateway service such as Paypal or Authorise.net SIM. When you use a hosted gateway your website does not receive any customer credit card information and this data is, instead, handled by your provider's website. At the moment of payment your customer is sent to the provider's website to enter their details and then back to your website once the payment is complete.

By handling transactions in this way you can easily tick most of the PCI requirements in the audit document provided you are using a PCI certified payment gateway provider.

The downside is that customers must leave your site briefly when making payment.

Click here for more information on PCI Compliance and hosted gateways
Click here for a download list of PCI Compatible Gateways

Integrated Gateways

We used to support allowing merchants to take credit cards directly on the merchants site but with the advent of PCI certification requirements have removed these options.

We have however recently partnered with CRE Secure to allow you to take credit cards on your site and remain PCI Compliant.

PCI Self Assessment Questionnaire

Part of gaining PCI Compliance usually involves a self-assessment questionnaire. To assist VP-ASP customers with answering this questionnaire we have created a guide. You can download this guide below.

Click here to download the PCI Self Assessment Guide

*Successful PCI Certification relies on multiple factors including hosting environment, business practices, configuration and payment gateway provider. Successful PCI compliant deployment of VP-ASP is the sole responsibility of the end user.