With holiday shopping in full swing, WordPress websites that accept credit cards are busier than ever. Lots of business is great. Not being PCI compliant is bad.
PCI compliance is required by all the major credit card companies, and if your website is not PCI compliant, you risk penalties, lost revenue, the inability to accept credit card payments in the future and, in the worst case, an increased risk of cardholder data exposure.
The PCI Data Security Standard, or PCI DSS for short, is a checklist of baseline security practices to help protect cardholder data and any technology that has access to, or connects to, the computers or networks which contain, process or transmit the data. The latest version of the DSS as of this writing is 3.1, and it contains 12 requirements within six broader categories.
The standard is technology agnostic. It provides best security practices to protect cardholder data. That means the PCI DSS applies to WordPress websites the same way it applies to other platforms.
How much of the standard applies is up to the website owner. If the website uses shared hosting and a third-party gateway to process payments, much of PCI DSS may be out of scope. If the website is self-hosted and accepts cardholder data, the entire standard may apply.
Some WordPress websites with e-commerce use off-the-shelf plugins that use PCI-compliant third-party gateways to accept and process credit card transactions. This takes the website out of scope of the standard as the payment gateway handles compliance. If credit cards are accepted on the WordPress website, even if a third-party gateway is used, it’s advisable to become PCI compliant. Compliance provides a proper assessment of e-commerce practices, a strong foundation for website security and peace of mind for customers.
Regardless of the gateway used, payment processors may mandate PCI compliance. Here are a few tips to help secure your WordPress website and help bring it closer to compliance.
Providing your customers with a worry-free holiday shopping experience is the main objective for any WordPress e-commerce website. To ensure you are meeting PCI requirements, contact SiteLock at 855-759-1108 for a free consultation.