How to Accept Payments and Stay PCI Compliant
Not sure which payment system to use? Here's how to make sure you stay compliant and accept payments the right way.
Updated November 6, 2024.
If you run your own server, the most straightforward way to accept payments is Stripe, a payment gateway that is easy to use and has a well-designed API you can connect to your server to receive payments.
Stripe itself is PCI compliant, so if you set it up correctly you do not need any outside certificates or validations beyond the annual self-assessment questionnaire described below. You install Stripe, connect it to your server, and you can start receiving payments.
Most merchants do not host their site on their own server: it can get expensive, may require advanced engineering or coding skills, and is only worthwhile for businesses with very specific needs.
For 99% of eCommerce brands, the better option is an out-of-the-box hosted solution that offers many payment gateway integrations. Setting up and connecting your payment software takes about 10 minutes, after which you can start selling.
What does PCI compliance mean?
PCI stands for Payment Card Industry. PCI compliance is required by the credit card companies of every merchant that accepts card payments, and it helps ensure the security of credit card transactions online. The PCI compliance standards are developed and managed by the PCI Security Standards Council.
What are the requirements of PCI compliance?
There are 12 official requirements for PCI compliance:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
How do I become PCI compliant for free?
Check with your merchant account provider or payment processor to see whether they charge you for a PCI certificate. If they don't, you can simply fill out your self-assessment questionnaire each year. Providers like PayPal, Square, and Stripe don't charge PCI compliance fees.
What are the 4 PCI compliance levels?
The PCI DSS sets four compliance levels for merchants, based on annual transaction volume.
- Level 1: Merchants that process over 6 million card transactions annually.
- Level 2: Merchants that process 1 to 6 million transactions annually.
- Level 3: Merchants that process 20,000 to 1 million transactions annually.
- Level 4: Merchants that process fewer than 20,000 transactions annually.
What happens if I’m not PCI compliant?
If a data breach occurs and you are not PCI compliant, you could face a fine or penalty of anywhere from $5,000 to $500,000. You also risk losing your merchant account and the ability to process any payments in the future.