
How are you dealing with PCI DSS compliance?


I don’t store credit cards but I do process them on my Magento 2 website, i.e. I do not redirect customers off to a third-party page at the checkout page.

I contacted the Indian company that developed the credit card processing extension that works with my credit processor. Not surprisingly they don’t have a good answer for me about PCI compliance of their extension.

I’ve taken a look at the PCI compliance document and feel a little daunted by the 80 pages of detailed questions and tests.

I’m going to hand this to my lead developer to sort out but I’m a little afraid of the number of dev hours this is going to cost me.

Has anybody else successfully met PCI standards?


Re: How are you dealing with PCI DSS compliance?

@kaidenjuan_kaid PCI is not just payment processing and not storing credit cards on your website. It requires the infrastructure and software to be compliant, as well as a recovery plan in place. A questionnaire is required, and all this requires time and effort. I wish there were an easy way...

You can also consult with some external security companies who can help you get PCI compliant. You can compare the cost between an external vendor and doing it yourself. Spending this money will be worth a lot more than getting the shop compromised.

- Tarandeep

Re: How are you dealing with PCI DSS compliance?

Hi @kaidenjuan_kaid 

Tarandeep said it correctly: PCI is not just payment processing and not storing credit cards on your website. It requires the infrastructure and software to be compliant, as well as a recovery plan in place.

If you are not redirecting customers to a third-party website and are accepting payments based on an iframe form which is loaded from your payment provider, you should be OK with the payment part.

I suggest you hire a Certified PCI Assessor. Only a certified PCI assessor can approve whether your site is PCI compliant or not.
