PA-DSS Compliance

I'm currently processing payments through WHMCS through the Stripe module. Stripe have asked me to verify my PCI-DSS compliance and now I have to fill out an SAQ A-EP 🙂

My question is, have I royally messed up by assuming WHMCS is PA-DSS compliant, or is there a way round this? I know Stripe is PA-DSS compliant but WHMCS doesn't appear to be listed.

We went through the PCI pain as well. You are under SAQ A-EP when you have ANY element relating to taking payments presented in a page that has your domain in the URL. It doesn't matter if it's an iframe to another processor's form, doesn't matter if you're never touching the field inputs on the server side, doesn't matter anything. The ONLY way to be SAQ A is if you link offsite to your payment processor completely out of your site. We use Authorize.net and none of the included gateways fell under SAQ A compliance so we had to build our own that pops up a new window to a payment form hosted entirely by Authorize.net.

If you use a webhost that claims to be PCI SAQ A-EP compliant then you might be good because you can just refer an auditor to your hosting provider to source all the proof of compliance. HOWEVER, I am not sure that SAQ A-EP has any requirements that fall under the individual that controls the server OS so you may still be accountable even in this instance.
