I don’t store credit cards but I do process them in my magento 2 website, i.e. I do not re-direct customers off to a third-party page at the checkout page.
I contacted the Indian company that developed the credit card processing extension that works with my credit processor. Not surprisingly they don’t have a good answer for me about PCI compliance of their extension.
I’ve taken a look at the PCI compliance document and feel a little daunted by the 80 pages of detailed questions and tests.
I’m going to hand this to my lead developer to sort out but I’m a little afraid of the number of dev hours this is going to cost me.
Has anybody else successfully met PCI standards?
@kaidenjuan_kaid PCI is not just payment processing and not storing credit card on your website. This requires Infrastructure and software need to be compliant as well as recovery plan in place. Questionnaire is required and all this requires time and effort. I wish there is a easy way...
You can consult with some external security companies as well who can help you get PCI complaint. You can compare the cost between external vendor or doing it your self. Spending this money will worth a lot more than getting the shop compromised.
Trandeep said correctly, PCI is not just payment processing and not storing credit card on your website. This requires Infrastructure and software need to be compliant as well as recovery plan in place
If you are not redirecting customers on a third party website and accepting payments based on a iframe form which is loaded from your payment provider, you should be OK with payment part.
I suggest you to hire a Certified PCI Assessor .Only a certified PCU assessor can approve whether your site is PCI complaint or not.