HostSprite PCI COMPLIANCE

PLEASE READ THIS AGREEMENT CAREFULLY, AS IT CONTAINS IMPORTANT INFORMATION REGARDING YOUR LEGAL RIGHTS AND REMEDIES.

Staying compliant with PCI

The Payment Card Industry Security Standards Council sets forth security standards to protect credit card data called the Payment Card Industry Data Security Standards (PCI-DSS or PCI for short). Entities that transmit, process or store credit card information are expected to abide by PCI.

You can use hosting to set up your online presence and product catalog. You can then work with a third-party provider to process payments on your behalf to keep credit cards off your server (for example: PayPal Checkout, Square Online Checkout and Stripe Checkout). Make sure you’re aware of any additional requirements to keep your business PCI compliant.

If you prefer to accept payments directly on your site, we offer PCI-certified products like Managed WordPress Hosting and eCommerce Hosting. PCI compliance is a joint effort: when you use one of our PCI-certified solutions, we design our processes and systems to protect your customers’ credit card information, and we need you to protect your account.

Managed WordPress with WooCommerce

Payments through Managed WordPress can be implemented via the WooCommerce plugin, which integrates with third parties to process credit cards in their secured environments. This uses a small amount of code on your website to enable your customers to enter credit card information directly on the site. Since you control the plugins installed in your account, there are a few additional steps to achieve PCI compliance:

  • Payment Implementation
    • Only install the WooCommerce plugin for payments. While other payment plugins may be available, we only certify the WooCommerce plugin.
    • Don’t add any functionality or code that will handle credit card information. We cannot certify any custom payment process added to a server.
    • Keep your plugins updated.
  • User Management
    • Always assign users a unique ID and use strong passwords.
    • Don’t use group, shared or generic IDs or passwords.
    • Remove users when they should no longer have access.
  • Paper (non-digital) Records
    • If you collect credit card information on paper, make sure to control access to the information and destroy it when it’s no longer needed.
  • Service Provider Compliance
    • If you use services to manage paper records or manage your account, make sure the service provider has acknowledged their responsibility for safely handling credit card data and you’re confident they’re fulfilling their obligations.
  • Incident Response Plan
    • Make sure you have a list of who you need to reach out to and how you will handle customer communication in the event of a data breach.
  • Submit PCI Self-Assessment Questionnaire A (PCI SAQ-A) with your processor (WooCommerce Payments, Stripe, PayPal, Square, Klarna or PayFast).

Note: If you accept payments over the phone, you may be subject to additional requirements to secure your phone systems and the computers used by your call center agents.

If you have additional questions, please work with your bank or contact a Qualified Security Assessor (QSA).
