PCI DSS compliant hosting?

After receiving some emails from PayPal, I think I need to get a PCI DSS compliant host. But am a bit lost as to what's required and costs!
I use PayPal Pro to take payments (customers can enter card details on site and don't leave site when payment is taken).
 


Oh I do feel for you, it's a right pain in the arse! Had the same 6 or so months ago.

What's your site running on? Then can recommend you a host if it's the same as me (Magento)

Note that just having a compliant host isn't all you need to do, your site will need to be made sure it is compliant, you'll need to sign up to Trustwave (they charge you per month) and run scans (which often fail so you then do more work to fix and get it passing them).

Oh and PayPal seem to try and restrict my account all the time when the scans fail.... it really is a nightmare!
 
Yeah it does seem a pain. Have signed up to Trustwave.

I'm running WordPress with WooCommerce

current host has said "A dedicated server is generally $250/month. This technically would not comply with pci-dss (it requires a separate database server as well) but it would get you past the scans. Note that PCI also requires a fair number of programming standards to be implemented on the part of your developers, it's not always an easy thing to get through."
 
For smaller turnover sites, you'd be better off switching to an off-site payment processor. Although Worldpay are occasionally the bane of my life, and did a shocking job of compliance initially, they have simplified it now.
 
I avoided most of the hassle by using a payment gateway that sends the customer to them to input the secure payment details. It means the required PCI DSS class is less invasive. I feel your pain though! I use Sagepay for the payment gateway (form) and Worldpay (ex Streamline) for the Merchant account, with Worldpay's "Saferpayments" for the annual compliance check.
 
Yes I think going via Sagepay sounds much simpler, plus Sagepay is quite well recognised, so should have decent consumer confidence in using it?
Will look into this now!
 
Yep, never had much in the way of customers turning around and saying nope, won't use that. Plus of course you can put your company logo on the page so even though the customer effectively leaves your site, they still retain a level of confidence.

Just be aware of the latest standards Sagepay use, which came into effect in July, because some ecommerce solutions haven't yet made the required changes. I had to use a third party to fix mine in time, was a bit stressful!

Remember alongside a payment gateway such as Sagepay you need a merchant account from someone like Worldpay to then authorise transactions into your bank account. There may be better solutions out there now, but I set mine up when Worldpay were Streamline and Sagepay were Protx!!!
 
Ian what ecommerce solution are you using?

Sagepay can be the merchant and gateway though can't they?
 
I'm using a custom one so isn't measurable by today's standards!!!

I'm not sure, maybe, I've just stuck with my existing setup, but if you find out that they can be both, let me know!
 
Yes they can, here are Sagepay's costs:
Gateway: £25 per month + VAT = 350 transactions per month 12p thereafter
Merchant Services: 1.9% Credit Cards, 0.59% Debit Cards

No Authorisation fees, no transaction fees, no minimum monthly spend.
 
Handy to know, though the credit/debit card fees are significantly higher than I pay, but I seemingly managed to negotiate a very strong deal a long time ago that they are still honouring to this date! I might investigate this myself though, see if they can match it; one less company to pay then!
 
May be able to save you some grief... if you're going to be having a load of dev anyway!

We're switching from Sagepay to https://www.braintreepayments.com/ as works with PayPal - Apple Pay - and they have direct debit coming soon

First £30k I think is also fee-free ...

Best bit - it's owned by PayPal ... so pretty sure they will work it with PayPal Pro...

TW
 
One word for you; Stripe.

Glad someone mentioned Stripe, I'm just in process of looking at it and setting it up for a client. Almost seems too good to be true from what I've seen so far. Heard some good things about it.

Seems simple for PCI compliance?
 
I just don't get Stripe, but maybe I'm lagging behind in modern methods, but how would that work for an online ecommerce solution using the traditional method of buying via a website, not a phone app?!?! Their website to me is lacking any real depth of detail, though haven't scanned it all yet!
 
My use is for a traditional method of buying via a website. Means that customer doesn't leave site to make payment unlike current system which goes to paypal site. I'll post a link when finished.
 
I was just about to say would Stripe be suitable. Details are taken on site but card details are never passed to your server so no compliance issues.
Tons of documentation to their easy to use API. When I was setting up payments for JobOnline their documentation compared to PayPal was much much easier to use.
The only downside I could see was lack of brand awareness in comparison to PayPal.
If you're a Limited / Registered company you can now pick up Green Bar EV/SSL for your checkout pages for just over £100 a year which I assume will go a long way in overcoming this.
 
Sorry, should have said more. To be PCI compliant with Stripe all you need to do is be using https, then use their JavaScript library. The customer does not appear to leave your site, just enters payment details in a pop up window, that is very slick (see https://stripe.com/checkout). Or, you can use your own hosted form, and as long as you don't include the name attribute on the form elements (so the card details aren't posted back to your server), then you are again PCI compliant.

It's incredibly simple to integrate, acts as both merchant account and payment processor, and has no fixed fees, only charging 1.9% + 20p (£15 for a chargeback). Yes lower fees are around, but for a low cost entry and very slick payment process it is a bargain.

I love it.
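
Added example, not part of the post above and not Stripe's code: a small Node.js audit of the "no name attribute on card fields" point, based on the HTML rule that a form control without a name is left out of the submission. The sample form, its field ids, the /charge URL and the card-field heuristic are all constructed for illustration.

```javascript
// Audit a checkout form for card fields the browser would post back to the
// merchant's server. Controls with no name attribute are never submitted.

// Constructed sample markup; field ids and the /charge URL are made up.
const SAMPLE_FORM = `
<form action="/charge" method="post" id="payment-form">
  <input type="text" name="email">
  <input type="text" id="card-number" autocomplete="cc-number">
  <input type="text" id="card-cvc" name="cvc" autocomplete="cc-csc">
  <input type="text" id="card-expiry" autocomplete="cc-exp">
  <input type="hidden" name="token">
</form>`;

// Heuristic (an assumption of this example) for "this control holds card
// data": autocomplete cc-* tokens or an id/name mentioning card, cvc, expiry.
const CARD_HINT = /\b(cc-(number|csc|exp)|card|cvc|cvv|expir)/i;

// Parse the attributes of one opening tag into a lower-cased map.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const body = tag.replace(/^<\w+/, "").replace(/\/?>$/, "");
  for (const m of body.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// List every form control, marking whether it is submitted and card-like.
function auditForm(html) {
  const controls = [];
  for (const [tag] of html.matchAll(/<(input|select|textarea)\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    const label = [a.autocomplete, a.id, a.name, a.placeholder].join(" ");
    controls.push({
      id: a.id || a.name || "(anonymous)",
      submitted: typeof a.name === "string" && a.name !== "",
      cardLike: CARD_HINT.test(label),
    });
  }
  return controls;
}

// Card-like controls that carry a name are the ones posted to the server.
function leakingCardFields(html) {
  return auditForm(html).filter(c => c.submitted && c.cardLike).map(c => c.id);
}

console.log(leakingCardFields(SAMPLE_FORM)); // [ 'card-cvc' ]
```

In the sample, only the CVC input is reported, because it is the one card field that was given a name; the email and token fields are submitted but are not card data.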
 