PCI Certified eCommerce Software
PCI compliance is a standard introduced by the leading credit card issuers to ensure that transactions carried out on a web site are as secure as possible.
Broadly speaking there are three major elements to becoming PCI certified:
One - Complete a SAQ (Self-Assessment Questionnaire)
This questionnaire is designed to establish the structure of your business and how sensitive information such as credit card details is handled. For the vast majority of merchants, the SAQ can be completed internally and does not require an on-site audit.
Two - Operate on a PCI secured Hosting Platform
Contrary to popular belief, this does not mean that you have to host your store on a dedicated or VPS server. Granted, it is slightly easier to secure a dedicated/VPS server, but it is still possible to utilise shared hosting.
NB: Open Mind Hosting provides full PCI certified hosting accounts right across the board. If you take up our offer of free hosting for the first year with your store license then this will be covered.
Three - Utilise Software that is PCI Compliant
Amazingly, some eCommerce software vendors allow you to store credit card information within the database or even send this sensitive data via email to the store owner. This breaches many of the PCI guidelines and should be avoided at all costs!
Our eCommerce software does not store any sensitive data, and all the gateways have been constructed to take advantage of all the latest anti-fraud checks such as 3D Secure and MaxMind.
Do I Need to be PCI Certified?
If you intend to take credit cards directly on your site, then you will need to satisfy all of the above points to be PCI certified. If you only use a virtual terminal, you will only need to complete the SAQ, as your site does not handle the credit card information.
Confused?
Don't worry, you're not alone! There is a lot of misleading information out there about PCI certification and what you need to do, so please do get in touch with us if you have any questions.










