Developer
Developer

Reputation: 26293

I am using sagePay system, do my website needs to be pci compliance

I am using sagePay payment server post on my website, Do my website needs to be PCI compliance.

Upvotes: 0

Views: 541

Answers (3)

zealvora
zealvora

Reputation: 95

As your'e using the Sage Pay Payment Server, the details that users are entering will be directly going to Sage Pay and will not be in anyway stored or accessed in your server.

So there is no need for you to be PCI Compliant. But it is necessary for the Sage Pay to be PCI Compliant as they are dealing the with Card Related Information.

Upvotes: 0

Pablo Smith
Pablo Smith

Reputation: 11

Whether fire's answer was correct in 2011 I don't know, but I do not believe that it is correct for PCI DSS v3 and anyone searching for PCI compliance might come across an incorrect or out of date answer.

All businesses need to be PCI DSS compliant if they handle card details in any way. The difference is to what level of compliance. If you outsource all card processing to a 3rd party and do not hold or transmit card details in any way, you still need to be PCI compliant but only need to fill in the Self Assessment Questionnaire (SAQ) A, which won't take you too long. Search for PCI DSS SAQ A and you should find the form.

Upvotes: 1

fire
fire

Reputation: 21541

If you are taking credit card details from your own site then yes, if you are redirecting customers to a 3rd party website like sagepay at the point of payment then no.

Upvotes: 1

Related Questions