Hotcakes Commerce and PCI Compliance

What is PCI Compliance?

In general, PCI compliance is a set of security standards, processes, and practices that together ensure a company meets a minimum acceptable level of security for accepting and processing payments by electronic means. This is a very common concern and requirement for many e-commerce stores.

To learn more about PCI compliance, please visit the PCI Security Standards website.

Should I Become PCI Certified?

If you become PCI certified, you can add certain indicators to your store that help your customers trust you that much more. While PCI compliance is a great thing to strive for and achieve, it's not a requirement for any store. It might help you sell more, though, and give your legal team some additional peace of mind.

How Do I Become PCI Compliant?

There are multiple paths you can follow to become PCI certified. This article from the PCI Security Standards organization will help you take your first steps toward this goal.

Hotcakes Commerce Software is PA-DSS Compliant

When we refer to the software, we're talking about the actual code that our team writes and supports.

You can cross this off of your list. Our software follows the requirements set forth by the PCI SSC for payment application software vendors and the guidelines for data storage. For more information on those guidelines, check out these resources:

Note that simply installing our software does not make you PCI DSS compliant. Many of the rules are tied to how you handle credit cards offline and how you set up your server infrastructure. For more information on the rules regarding PCI DSS compliance, check out the page on Wikipedia.

Hotcakes Commerce Cloud is PCI Ready

We maintain that our servers are PCI compliant, but PCI standards change quite often, so there may be new vulnerabilities that need to be addressed. Also, PCI scanners do not have the full capability to verify everything they flag as needing attention, which results in a number of false positives being reported as failed vulnerabilities. It should also be noted that PCI scanning companies refuse to record previously established false positives for a domain name, so those false positives will show up again each scanning period; keep this in mind if you notice the same vulnerabilities reported each time.
