What is PCI DSS Compliance?

The Payment Card Industry Data Security Standards (PCI DSS) are network security and business practice guidelines adopted by Visa, MasterCard, American Express, Discover Card, and JCB to establish a “minimum security standard” to protect customers’ payment card information.

It’s a mandatory requirement for all merchants that store, transmit, or process payment card information.

Do I Need To Be PCI DSS Compliant?

Achieving PCI DSS compliance can come at a cost. However, if your customers enter their credit/debit card details on a payment page hosted by a payment service provider, such as PayPal, PayPoint or Moneybookers, you, the merchant, do not need to worry about PCI DSS. There is no need to pay for a hosting package with a credit/debit card payment page on your checkout, which makes this ideal for the smaller merchant.

The level of customisation of the look and style of the payment page depends on the payment service provider's payment page styling options.

PCI DSS Compliance For The Smaller Merchant

If you use any of the other payment gateway options (e.g. PayPal Express Checkout, PayPal Website Payments Standard, PayPoint Lite or Moneybookers iFrame), your customer enters their credit/debit card details directly on pages hosted by the payment gateway, meaning you, the merchant, can use the payment service provider's PCI DSS compliance.


PayPoint and PCI Compliance

For merchants that process using PayPoint.net’s payment pages, there is no requirement for a quarterly scan to be provided as this will be covered by PayPoint's own Level 1 PCI DSS Compliance validation.

This depends on you not storing, transmitting or processing any cardholder data on your own business network if your website is hosted in a different location. To be sure, you can email PayPoint at askaboutcompliance@paypoint.net for advice.

More important information for PayPoint merchants regarding PCI Compliance can be found here


PayPal and PCI Compliance

PayPal adheres to international PCI (payment card industry) compliance standards for data security. With Website Payments Standard, PayPal handles the payment card information for you. So you don’t have to worry about your buyers’ payment card security or about compliance with PCI DSS for your business.††

If you’re using Website Payments Pro, Payflow Pro, or Virtual Terminal, consult PayPal's free guide to help ensure that you’re PCI compliant. There will also be additional costs for payment pages hosted by us to achieve this. Please contact us for more details.

More important information for PayPal merchants regarding PCI Compliance can be found here

PayPal's PCI Compliance can be validated at Visa CISP
* PayPal is not responsible for PCI Compliance if you store, transmit, or process payment card information.
†† All card data must be stored, transmitted, and processed by PayPal and not by the merchant.

Moneybookers and PCI Compliance

Information for Moneybookers merchants regarding PCI Compliance can be found here