• Resolved livingmiracles

    (@livingmiracles)


    Hello,

    We are trying out your plugin and want to know whether we will be required to do additional work in order to be PCI compliant.

    We are looking to set up something fairly simple/basic and plan to only use the “Offline Donations” and “PayPal Donations” options on our site.

    With this setup, do you think we will need to take steps to become officially PCI compliant?

    After reading your article, we have the following concerns:

      • We are “transmitting credit card data via [our] website” through using the PayPal payment gateway
      • Our “entire donation page [isn’t] hosted by a third-party” but maybe with using PayPal we are “pushing all donation activity to a third-party website”?
      • We are using “PayPal Donations” and not “PayPal Standard.”

  • Plugin Contributor Ben Meredith

    (@benmeredithgmailcom)

    Hi @livingmiracles,

    Great question!

    First, I’m not a lawyer or a PCI compliance officer, (and I haven’t fully vetted your site) so my guidance here is more general.

    PayPal Donations loads the actual card fields (if applicable) in an iframe directly from PayPal’s servers, so card information is never stored on or saved in your website at all. The only thing you have to do is to provide a secure connection for site visitors to your site, using a SSL (TLS) certificate. From there, everything is sent directly from the donor’s browser to PayPal to handle, meaning that the bulk of the compliance requirements are on them, not you.

    Let me know if that clarifies things.

    Thread Starter livingmiracles

    (@livingmiracles)

    Hi @benmeredithgmailcom,

    Yes, that does clarify the situation. Thank you very much!

  • The topic ‘PCI Compliance for Basic Donation Function’ is closed to new replies.