PayPal Web Site Payment Pro PCI???
06-23-2011 05:15 PM
We were considering an upgrade to PPWPP to keep users on our site and to allow us to eliminate another processor. However, I cannot find a guide that states what must be done to be PCI compliant for such an endeavor.
If a person is not storing CC info, is the only modification an SSL cert for transmittal?
Please let me know. I would be very thankful for a link to the guide.
Re: PayPal Web Site Payment Pro PCI???
06-27-2011 01:44 PM
Welcome to the Forums.
To complete your processing needs, you may be required to meet Payment Card Industry (PCI) standards within your business.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements created to make sure that all companies that process, store or transmit credit card information maintain a secure environment. Formed by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB), these rules help protect their cardholders from fraudulent credit card use, loss, and theft.
The rules the card brands have established, which are managed by the Payment Card Industry Security Standards Council (PCI SSC), affect any merchant who stores, processes, or transmits cardholder data, and each company has its own rules for how to assess compliance, submit validation information, and remediate errors.
- If you use PayPal Website Payments Pro or Virtual Terminal, you’re responsible for meeting the PCI Security standards. To meet these security standards, you need to enroll with a Visa or MasterCard-certified security vendor for PCI certification services. These services must include quarterly security scanning of your office and store internet connections and website as well as the completion of a Security Self-Assessment questionnaire.
You can find information on the PCI Security standards at the PCI Security Standards Council website, https://www.pcisecuritystandards.org/index.shtml (copy and paste link into your internet browser).