These days it’s easier than ever to create an online store. One of the easiest ways to do so is by building your site using WordPress and downloading the plugin WooCommerce. With a little patience, you can have a fully-functional shop set up in less than a day!

If you manage an online store and accept credit card payments, the term “PCI Compliance” is likely to come up sooner or later. For those wanting to know more, here are answers to the most frequently asked questions about PCI Compliance.


What is PCI Compliance?

PCI-DSS (Payment Card Industry Data Security Standard) is a set of rules designed by the Payment Card Industry Security Standards Council to standardise data security measures around the world and reduce credit card fraud. These standards create an extra level of protection for card issuers and cardholders by ensuring that merchants meet basic levels of security when storing, processing, and transmitting cardholder data.


Who is the Payment Card Industry Security Standards Council?

The Payment Card Industry Security Standards Council was originally formed by American Express, MasterCard, Visa Inc., Discover Financial Services, and JCB in 2004. The council itself is made up of various independent credit card vendors.


Who needs to be PCI compliant?

The rules of PCI compliance apply to anyone who stores, processes or transmits credit card data. Therefore, merchants who wish to take credit card payments online directly need to be aware of PCI-DSS.

If you’re only taking payments through a payment gateway, such as PayPal, Stripe or Authorize.Net, you don’t need to worry about getting PCI certified.


Is PCI Compliance optional?

If you want to process credit card payments on your website, PCI Compliance is not optional. It doesn’t matter how small or big your company is.


How do you obtain PCI Compliance?

Obtaining PCI Compliance can sound intimidating, but it’s less overwhelming when you break it up into steps:

  1. Determine your compliance “level” with your bank and the different credit card companies
  2. Complete the PCI Compliance Self-Assessment Questionnaire (SAQ)
  3. Complete the Attestation of Compliance form (contained in the SAQ form above)
  4. If required for your level, complete the external vulnerability scans and obtain evidence that you passed them
  5. Submit all of the above documents that your bank or credit card provider requires

Our PCI Compliant Hosting offers merchants the ability to host in a secure environment that will pass PCI scanning tests. With a PCI approval scan, you are free to secure merchant accounts with your financial institution and offer credit card processing online. Contact us to find out more.


How long does PCI Compliance take to complete?

The entire process can take anywhere from weeks to months. It’s hard to give a precise figure because the time it takes depends on how diligently you carry out the steps above. Once the self-assessment and scan have been completed, the results are forwarded to your credit card merchant and banking provider, and then on to the Payment Card Industry Council, confirming that you have passed compliance.


How much does PCI Compliance cost to complete?

It’s a little difficult to put a monetary value on PCI Compliance because there are a lot of factors to consider, such as:

  • Your company’s size
  • Your company’s revenue
  • Your company’s security measures

Typically, the more credit card transactions your company processes each year, the more PCI compliance will cost. This means PCI compliance can cost anywhere between $500 and $500,000 per year.


How long does PCI Compliance last?

Online vendors are required to pass an annual assessment to achieve and maintain PCI DSS compliance.


If I use WordPress or WooCommerce is my website PCI Compliant?

WordPress and WooCommerce themselves are not PCI compliant; obtaining PCI-DSS certification is entirely up to the website owner. However, using WordPress or WooCommerce does not prevent website owners from pursuing PCI compliance.


Final Tips

If you’re seeking PCI Compliance for your eCommerce site, you should keep the following advice in mind:

  1. If you’re still not comfortable with the concept of PCI Compliance, use a payment gateway that handles credit card processing for you.
  2. If you want to accept credit card payments, consider choosing a reputable, secure hosting provider that can help you through the process.
  3. Keep security top-of-mind when creating and managing your site, for example by using strong passwords and limiting access to only those individuals who need it.
  4. Install an SSL certificate with the help of your hosting provider.
  5. Never store credit card details anywhere.
  6. Keep your website, including your theme and plugins, up-to-date.