PCI Compliant

[Horvath2012]

Can someone clear this up... I have someone from authorized.net trying to sell me service that I am not sure I really need. I Use PayPal Standard Business as a Payment Gateway and from what I can see here http://www.whmcs.com/partners/paypal/ its PCI Compliant ..

 

Do I need to be PCI Compliant as well? Its all very confusing.

 

From what I can see when a client checks out their invoice is transferred to PayPal and their servers before a Credit Card number is ever asked for...

 

Kind Regards..

[Kian]

As far as i know you have to be PCI compliant only if you use Server To Server (S2S) method. When you use services like Paypal, Moneybookers, ClickAndBuy (...) you are using an external payment gateway so you should not worry about PCI compliant. It's a "problem" of your gateway/partner.

[Horvath2012]

That's what I thought to Kian, thanks for the reply..

 

Kind Regards..

[WHMCS JamesX]

If you're not storing, processing, or transmitting certain data (i.e. PAN), you're generally alright without worrying about PCI compliance. The standard PayPal is a hosted solution, and therefore, you don't store, process, or transmit such data. However, if you're looking at a new payment solution, you may need to become PCI DSS compliant for it though.

[easyhosting]

we use cashflows as a payment gateway and even though they deal with all the payment side of things we still hade to become PCI complaint, but we have a Comodo Instant SSL that comes with hackerguardian which does a daily PCI check on our site and to them this is sufficiant as long as we send them the weekly reports.