cancel
Showing results for 
Search instead for 
Did you mean: 

PCI compliance with Virtual Terminal

Options
Danika2007Gill
New Community Member
Posted on

I am using Virtual Terminal for my business, how do I ensure I am PCI compliant?

9 REPLIES 9

PCI compliance with Virtual Terminal

Options
PayPal_JonK
Moderator

Hello @Danika2007Gill,

 

Welcome to the PayPal Community! That's a great question! I've found a PayPal page that dives into PCI Compliance and some tips on how you can stay in compliance.

 

I hope that helps!

 

 - Jon K


If you find this or any other post was helpful, make our community better by giving kudos or accepting it as a solution.

PCI compliance with Virtual Terminal

Options
sdpcr-bm
Contributor

Helo @PayPal_JonK ,

 

The link referenced doesn't seem to work any longer.

 

-Ben

PCI compliance with Virtual Terminal

Options
PayPal_JonK
Moderator

Hello @sdpcr-bm,

 

Welcome! The link above is for UK accounts. Here's a link for the basics on US PCI Compliance. 

 

Have a great day!

 

 - Jon K


If you find this or any other post was helpful, make our community better by giving kudos or accepting it as a solution.

PCI compliance with Virtual Terminal

Options
sdpcr-bm
Contributor

Thank you. Would you happen to know where I can get a copy of PayPal's current PCI Attestation of Compliance?

PCI compliance with Virtual Terminal

Options
PayPal_JonK
Moderator

@sdpcr-bm, I wasn't able to find if PayPal publishes that information publicly or not. However, you can view any required legal information in our Legal Agreements section. You can also find PayPal's Online Card Payment Services Agreement here. 

 

I hope that helps!

 

 - Jon K

 

 


If you find this or any other post was helpful, make our community better by giving kudos or accepting it as a solution.

PCI compliance with Virtual Terminal

Options
TAMU-PD
Contributor

Okay, here's what's not being said in any of these replies. The PCI Compliance of PayPal is important, but when using Virtual Terminal you hold a lot of responsibility for PCI Compliance yourself. Think about it. If you have malware on the computer that you use to type a card number into Virtual Terminal, that isn't PayPal's fault or responsibility. YOU are responsible for the security of the card number from the time you type it in until it leaves your network to go to PayPal. That means at a minimum, your PC and potentially your network are "in scope" for PCI. It doesn't matter that PayPal is PCI compliant if the problem lies on your side. You need to go to pcisecuritystandards.org and review SAQ C-VT. Those are the requirements that could potentially apply to your network. If you are not prepared to meet those security requirements (and a lot of people aren't) then you might need to reconsider whether you should be using Virtual Terminal.

PCI compliance with Virtual Terminal

Options
sdpcr-bm
Contributor

Thats a great point. 

 

For me, my frustration comes with obtaining a AOC for Service Providers. Everyone else seems to have a way to obtain one with little fuss. 

 

To date, I still have not received an AOC from Paypal.

PCI compliance with Virtual Terminal

Options
TAMU-PD
Contributor

You're looking for an AOC, I'm looking for a matrix to satisfy requirement 12.8.5. I feel like we're both out of luck.

PCI compliance with Virtual Terminal

Options
Richardmid1
Contributor

How do I submit the SAQ C-VT document/questionnaire to Paypal?

My Paypal account is restricted till I comply with this. Why do they make it so complicated?!

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.