PCI Compliance

Discussion in 'eCommerce' started by Boxwell, Sep 27, 2017.

  1. #1
    Hello, I'm hoping someone can help me to understand which PCI self-assessment questionnaire we need to complete.

    We have a site where we take payments in the site using the PayPal Pro gateway and WordPress WooCommerce. This means the payment goes to our PayPal account but the user does not have to leave our site to make the payment.

    Our site is hosted by a third party company who is PCI compliant. We do not own the servers etc for our site.

    I'm not sure which self-assessment we need to complete in this example. I know we are either the SAQ A, or the SAQ EP, but I'm not sure which. (http://blog.securitymetrics.com/2014/07/which-saq-is-right-for-me.html)

    Thanks for your help,

    Graeme
     
    Boxwell, Sep 27, 2017
  2. #2
    If the payment page is hosted on your site, pretty sure you're SAQ A-EP. If there's any storage at all or anything beyond posting directly to the API, it kicks you instantly up to D. There may be other situations as well, I'd ask your QSA just to be sure.
     
    jestep, Oct 3, 2017