I am using sagePay system, do my website needs to be pci compliance

Question

I am using sagePay payment server post on my website, Do my website needs to be PCI compliance.

Answer 1

As your'e using the Sage Pay Payment Server, the details that users are entering will be directly going to Sage Pay and will not be in anyway stored or accessed in your server.

So there is no need for you to be PCI Compliant. But it is necessary for the Sage Pay to be PCI Compliant as they are dealing the with Card Related Information.

Answer 2

Whether fire's answer was correct in 2011 I don't know, but I do not believe that it is correct for PCI DSS v3 and anyone searching for PCI compliance might come across an incorrect or out of date answer.

All businesses need to be PCI DSS compliant if they handle card details in any way. The difference is to what level of compliance. If you outsource all card processing to a 3rd party and do not hold or transmit card details in any way, you still need to be PCI compliant but only need to fill in the Self Assessment Questionnaire (SAQ) A, which won't take you too long. Search for PCI DSS SAQ A and you should find the form.

Answer 3

If you are taking credit card details from your own site then yes, if you are redirecting customers to a 3rd party website like sagepay at the point of payment then no.