PCI Compliance

[PCLTD]

HI everyone,

I was with PaymentSense for a few years for my e-commerce payment provider and about two months ago switched to WorldPay.

A couple of days ago we received an email from PaymentSense saying our PCI compliance was over due and needed to b updated ASAP.

Although this is over due and we will get it resolved next week is this something we need to do going forward or will we get a similar set up from WorldPay and the payment sense one will no longer be needed?

Sorry if its a bit of a daft question but the whole PCI set up is a bit of a nightmare for me!

 

[Nochexman]

Hello PCLTD. How do you take payments? Is it customer present or customer not present?

 

[PCLTD]

Customer not present. We are based online only.

 

[Nochexman]

Are the payment pages where the transactions take place on your website (e.g. https://www.pcltd.co.uk) or on your payment processors website (e.g. www.worldpay.com)?

 

[PCLTD]

They are on our website so once the customer adds to cart they then checkout through the website.

 

[Nochexman]

Although this is over due and we will get it resolved next week is this something we need to do going forward or will we get a similar set up from WorldPay and the payment sense one will no longer be needed?

It sounds like you are self-certifying through your payment processor. So, you no longer need the certification from PaymentSense; you will need to do certification through Worldpay. If they have not already contacted you (and added this to your charges), it would be worth finding out how they make the process work.

 

[PCLTD]

Thanks for the info.

I managed to get to the bottom of it with Payment sense, as the account was closed they said ignore the compliance and they will take care of it.

I believe worldpay is up to date as we haven't needed to do anything as of yet.

Thanks again

 

[WebDesires]

To clarify for anyone else, you only really need PCI Compliance if you are processing payments and storing sensitive information such as card details in your own systems/website.

For example services such as worldpay, authorizenet, paypal do the processing and handling for you so you generally don't need PCI Compliance.

Hope this clears things up for anyone confused.

 

[wayzgoose]

To clarify for anyone else, you only really need PCI Compliance if you are processing payments and storing sensitive information such as card details in your own systems/website.

For example services such as worldpay, authorizenet, paypal do the processing and handling for you so you generally don't need PCI Compliance.

Hope this clears things up for anyone confused.

I seem to remember a few years ago when we were with Sage Pay, we still had to pay for PCI Compliance even though all payments were handled off site. It seemed to be a PCI Compliance charge and form fill to show we didn't need PCI Compliance!