We were considering an upgrade to PPWPP to keep users on our site and to allow us to eliminate another processor. However, I cannot find a guide that states what must be done to be PCI compliant for such an endeavor.
If a person is not storing CC info, is the only modification an SSL cert for transmittal?
Please let me know. I would be very thankful for a link to the guide.
Welcome to the Forums.
To complete your processing needs, you may be required to meet Payment Card Industry (PCI) standards within your business.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements created to make sure that all companies that process, store or transmit credit card information maintain a secure environment. Formed by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB), these rules help protect their cardholders from fraudulent credit card use, loss, and theft.
The rules established by the card brands, and managed by the Payment Card Industry Security Standards Council (PCI SSC), affect any merchant who stores, processes, or transmits cardholder data, and each company that has its own rules for how to assess compliance, submit validation information, and remediate errors.
You can find information on the PCI Security standards at the PCI Security Standards Council website, https://www.pcisecuritystandards.org/index.shtml (copy and paste link into your internet browser).