Fredrik Olsen, writing at Medium:
If you’re storing CC information in your own system, stop doing that and use a third party service, the PCI compliance requirements are vastly different for those storing the data vs those that simply use a third party service. If you are using a third party service for storing CC information then you have to be compliant with PCI DSS (Data Security Standards). Relative to the full PCI auditing process, the DSS requirements when using a third party service are fairly easy to comply with, and for Level 3 you don’t even have to be audited, just fill out a Self Assessment Questionnaire (SAQ).
This is what’s known in our industry as A Very Good Thing™. People are getting fed up with replacing their credit cards every 6 months because some online retailer had a security breach.
Some words about online credit card processing
The options for outsourcing payment processing are better now than they have ever been and a service definitely exists for the needs and priorities of almost everyone. We at Knoxweb have had the smoothest implementations with Square, Authorize.net, Paypal, and WePay.
Not all payment processors are equal, even when it comes to the big names. For example, Stripe and Yahoo Stores are both in Visa’s doghouse right now. Their entry on the Visa Global Registry of Service Providers has turned yellow, with an expiration date of Mar 31, 2015. This means they’re having some kind of PCI compliance problem. Generally, Visa will gradually crank up penalties until the problem is fixed, then pull the plug after around 9 months of non-compliance.
Visa says Square and Paypal are OK right now. If you are using a third party to process payments online, check their status on the Service Providers list of Visa, MasterCard, and American Express. If you’re a merchant of a service that’s in the yellow, that service was supposed to inform you that they were in the doghouse. Did they?
We at Knoxweb are experts in this field and are here to help you and your customers stay safe. If you have questions about your online payment system, get in touch.