PCI compliance with Virtual Terminal

Danika2007Gill
New Community Member
Posted on
‎May-25-2021 07:57 AM

I am using Virtual Terminal for my business, how do I ensure I am PCI compliant?

Labels:
Login to Me Too
Login to Reply or Kudo
9 REPLIES 9

PayPal_JonK
Moderator
Moderator
‎May-26-2021 06:45 PM

Hello @Danika2007Gill,

 

Welcome to the PayPal Community! That's a great question! I've found a PayPal page that dives into PCI Compliance and some tips on how you can stay in compliance.

 

I hope that helps!

 

 - Jon K


If you find this or any other post was helpful, make our community better by giving kudos or accepting it as a solution.
Login to Me Too
Login to Reply or Kudo

sdpcr-bm
Contributor
Contributor
‎Jan-24-2022 11:26 AM

Helo @PayPal_JonK ,

 

The link referenced doesn't seem to work any longer.

 

-Ben

Login to Me Too
Login to Reply or Kudo

PayPal_JonK
Moderator
Moderator
‎Jan-24-2022 11:33 AM

Hello @sdpcr-bm,

 

Welcome! The link above is for UK accounts. Here's a link for the basics on US PCI Compliance. 

 

Have a great day!

 

 - Jon K


If you find this or any other post was helpful, make our community better by giving kudos or accepting it as a solution.
Login to Me Too
Login to Reply or Kudo

sdpcr-bm
Contributor
Contributor
‎Jan-24-2022 11:50 AM

Thank you. Would you happen to know where I can get a copy of PayPal's current PCI Attestation of Compliance?

Login to Me Too
Login to Reply or Kudo

PayPal_JonK
Moderator
Moderator
‎Jan-24-2022 02:30 PM

@sdpcr-bm, I wasn't able to find if PayPal publishes that information publicly or not. However, you can view any required legal information in our Legal Agreements section. You can also find PayPal's Online Card Payment Services Agreement here. 

 

I hope that helps!

 

 - Jon K

 

 


If you find this or any other post was helpful, make our community better by giving kudos or accepting it as a solution.
Login to Me Too
Login to Reply or Kudo

TAMU-PD
Contributor
Contributor
‎Jan-28-2022 01:59 PM

Okay, here's what's not being said in any of these replies. The PCI Compliance of PayPal is important, but when using Virtual Terminal you hold a lot of responsibility for PCI Compliance yourself. Think about it. If you have malware on the computer that you use to type a card number into Virtual Terminal, that isn't PayPal's fault or responsibility. YOU are responsible for the security of the card number from the time you type it in until it leaves your network to go to PayPal. That means at a minimum, your PC and potentially your network are "in scope" for PCI. It doesn't matter that PayPal is PCI compliant if the problem lies on your side. You need to go to pcisecuritystandards.org and review SAQ C-VT. Those are the requirements that could potentially apply to your network. If you are not prepared to meet those security requirements (and a lot of people aren't) then you might need to reconsider whether you should be using Virtual Terminal.

Login to Me Too
Login to Reply or Kudo

sdpcr-bm
Contributor
Contributor
‎Jan-28-2022 02:14 PM

Thats a great point. 

 

For me, my frustration comes with obtaining a AOC for Service Providers. Everyone else seems to have a way to obtain one with little fuss. 

 

To date, I still have not received an AOC from Paypal.

Login to Me Too
Login to Reply or Kudo

TAMU-PD
Contributor
Contributor
‎Jan-30-2022 12:01 PM

You're looking for an AOC, I'm looking for a matrix to satisfy requirement 12.8.5. I feel like we're both out of luck.

Login to Me Too
Login to Reply or Kudo

Richardmid1
Contributor
Contributor
‎Feb-21-2022 05:11 AM

How do I submit the SAQ C-VT document/questionnaire to Paypal?

My Paypal account is restricted till I comply with this. Why do they make it so complicated?!

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.