What is PCI compliance?

Keeping card payments secure is important for all businesses and their customers. A financial data breach/hack can have negative impact on your business as your customers will lose trust and you be penalised or fined.

The Payment Card Industry Data Security Standard (PCI DSS) is a standard mandated by the card schemes to increase controls on cardholder data to reduce the risk of fraud. It applies to small businesses as well as larger service providers including PayPal.

Why comply?

  1. Compliance is a requirement laid down by the card schemes (Visa, MasterCard, Amex etc.) If your business is not compliant, then the acquiring bank which processes your credit card transaction can issue fines and eventually suspend your account. You could also be liable for any fraud on cards compromised through your system. PayPal may also limit, fine or eventually suspend, your account.
  2. Shoppers are security savvy and increasingly aware of the dangers of fraud and identity theft. PCI compliance ensures you have procedures in place to protect payment information. Compliance protects your reputation and builds trust.
  3. Compliance helps you reduce risk of liability in the event of fraud. It also reduces the risk of severe business disruption in the event of a security problem.

What should I do?

Many of PayPal’s products can relieve you of the burden of ensuring you are PCI compliant, but with some – because of the way they work – you are responsible.

PCI compliance handled by PayPal

With Website Payments Standard, Online Invoicing, and PayPal Checkout, PayPal handles the card information on your behalf. Because PayPal is PCI Compliant, all you need to do is complete a Self-Assessment Questionnaire (SAQ).

PCI compliance handled by you

If you use PayPal Checkout or Virtual Terminal then you handle card payment data directly and you will need to ensure your business is PCI compliant.

Who can help?

If you are new to Website Payments Pro and not yet using it, the easiest ways to make sure you are compliant are:

If you already use Website Payments Pro, and integrated the API direct with PayPal, then:
Register with Trustwave, the leading provider of PCI compliance and data security solutions for the payment industry

If you already use Website Payments Pro, and integrated the API using a cart partner, then either:
Check if your cart provider is PCI Complaint

If you use Virtual Terminal and have additional questions:
Contact PayPal Business Support to discuss your options

Get help with PCI compliance
See our list of PCI compliant partners or register with Trustwave.