PCI compliance with Virtual Terminal

Danika2007Gill
New Community Member

I am using Virtual Terminal for my business, how do I ensure I am PCI compliant?


PayPal_JonK
Moderator

Hello @Danika2007Gill,

Welcome to the PayPal Community! That's a great question! I've found a PayPal page that dives into PCI Compliance and some tips on how you can stay in compliance.

I hope that helps!

- Jon K


If you find this or any other post was helpful, make our community better by giving kudos or accepting it as a solution.

sdpcr-bm
Contributor

Hello @PayPal_JonK,

The link referenced doesn't seem to work any longer.

-Ben


PayPal_JonK
Moderator

Hello @sdpcr-bm,

Welcome! The link above is for UK accounts. Here's a link for the basics on US PCI Compliance.

Have a great day!

- Jon K



sdpcr-bm
Contributor

Thank you. Would you happen to know where I can get a copy of PayPal's current PCI Attestation of Compliance?


PayPal_JonK
Moderator

@sdpcr-bm, I wasn't able to find if PayPal publishes that information publicly or not. However, you can view any required legal information in our Legal Agreements section. You can also find PayPal's Online Card Payment Services Agreement here.

I hope that helps!

- Jon K



TAMU-PD
Contributor

Okay, here's what's not being said in any of these replies. The PCI Compliance of PayPal is important, but when using Virtual Terminal you hold a lot of responsibility for PCI Compliance yourself. Think about it. If you have malware on the computer that you use to type a card number into Virtual Terminal, that isn't PayPal's fault or responsibility. YOU are responsible for the security of the card number from the time you type it in until it leaves your network to go to PayPal. That means at a minimum, your PC and potentially your network are "in scope" for PCI. It doesn't matter that PayPal is PCI compliant if the problem lies on your side. You need to go to pcisecuritystandards.org and review SAQ C-VT. Those are the requirements that could potentially apply to your network. If you are not prepared to meet those security requirements (and a lot of people aren't) then you might need to reconsider whether you should be using Virtual Terminal.


sdpcr-bm
Contributor

That's a great point.

For me, my frustration comes with obtaining an AOC for Service Providers. Everyone else seems to have a way to obtain one with little fuss.

To date, I still have not received an AOC from PayPal.


TAMU-PD
Contributor

You're looking for an AOC, I'm looking for a matrix to satisfy requirement 12.8.5. I feel like we're both out of luck.


Richardmid1
Contributor

How do I submit the SAQ C-VT document/questionnaire to PayPal?

My PayPal account is restricted till I comply with this. Why do they make it so complicated?!
