AndyC Posted October 16, 2019
Hey all, I am using PayPal and Braintree for my payments. I am not storing any card details, only a reference number in regards to the transaction, and of course PayPal... Do I really need to be PCI compliant, or is SSL enough? More of a curiosity than anything else, as I am failing on 5 minor items at the moment.
AndyC (Author) Posted May 18, 2020
Bringing this up again as I never got an answer. I now use both Nochex and PayPal, so do I really still need to be PCI compliant? I am being chased to get my site compliant. They say I have to be, but I have read I don't have to be if I use off-site payments like PayPal. Thanks
datakick Posted May 18, 2020
If you don't collect card info on your website, then it's not necessary to be PCI compliant. If you, however, have some card info input form on your site, then you should be. For example, the Stripe module lets you include a card form directly on your checkout page. It's better to disable this option and just redirect your customers to the Stripe website.
haylau Posted May 18, 2020
46 minutes ago, AndyC said:
> Bringing this up again as I never got an answer. I now use both Nochex and PayPal, so do I really still need to be PCI compliant? I am being chased to get my site compliant. They say I have to be, but I have read I don't have to be if I use off-site payments like PayPal. Thanks
Who is chasing? Who says you have to be?
AndyC (Author) Posted May 18, 2020
The PCI company Security Metrics, because my Braintree is failing and as I have changed to off-site options... I had to have them when I was taking money direct from my website with Braintree (PayPal), which I understand. Now that I don't, I shouldn't really need it.
Edited May 18, 2020 by AndyC
haylau Posted May 18, 2020
I hate those reports, I make most of it up 🙂 The only reason we need it is because we use the PayPal virtual terminal system to take card payments over the phone. Otherwise you don't need it. If you only ever take payments via the website and the customers are directed to the PayPal / Nochex site, then it is not needed. PayPal and Nochex will let you know if they need it. Perhaps be proactive and talk to them directly, as they know your account status.
veganline Posted May 19, 2020
Elavon had or has a system like Security Metrics. I had to keep trying answers until they passed the test, then work out how to do what I had said in the answers, mainly about storing of card numbers in case I needed to give a refund. Putting old phone notebooks full of card details in the paper recycling bin outside where I live was the wrong answer. Nowadays I don't bother with Elavon but am still careful about card numbers. Taking the odd payment over the phone and typing it into Stripe via https://dashboard.stripe.com/payments | NEW has not got me arrested, and Stripe don't require a PCI test. Online-only payments via PayPal have never led me to need a PCI test.
Edited May 19, 2020 by veganline: added security tip about the wrong answer
AndyC (Author) Posted May 19, 2020
Yes, it is the same thing. It took me ages to pass my 1, as my hosting (SiteGround) had to do all sorts of changes and it took them ages to figure out what needed doing. Yep, PayPal have their own PCI, as you are in theory going to their website to pay. All we end up with is a reference number.