How do I know if I'm PCI compliant

PCI compliance means meeting the data security requirements of the Payment Card Industry Data Security Standard (PCI-DSS).

PCI-DSS establishes a standardised framework for securely receiving, transmitting, and storing sensitive card data is in digital environments. And it provides a method of measuring and certifying your compliance when you handle sensitive card data.

There are two main ways to achieve PCI compliance. One is to have a fully secure environment to handle sensitive card data. The other is to use CardCorp's hosted solution.

CardCorp is a Third Party Service Provider (TPSP) of PCI-certified technical systems. These systems handle sensitive card data from the point of entry into the Card Data Environment (CDE).

CardCorp's hosted iframe checkout is a PCI-compliant TPSP solution that you can load directly on your merchant website. Customers enter their card details in the checkout, which securely receives, transmits, and stores this card data in the CardCorp payment gateway. This means you do not need to handle sensitive card data yourself.

You can load the hosted iframe checkout using a webshop plugin or by integrating with the COPYandPAY API. You can also use the BillPro payment platform.

When you use a TPSP system and do not handle sensitive card data, you still need to certify compliance. To do this, you need to complete a PCI Self Assessment Questionnaire (SAQ), in this case PCI-SAQ-A. When you apply with CardCorp, we prepare this document for you and submit it to your acquirer with your application.

Complying with PCI-DSS protocols can be complex and multi-faceted for entities that receive, transmit, and store card data. However, if you use a hosted solution, PCI compliance is relatively easy to achieve and maintain.

Questions? Visit our website and chat with our payment experts for a free assessment of your business's PCI-DSS requirements.