|
IT Solutions RRC
|
August 27, 2014 at 1:33 pm
Hello there fine folks at Event Espresso!
We have our Event Espresso installed at events.rrc.ca and it has been working swimmingly despite running on a Windows IIS server. We are in the middle of a PCI compliance exercise at my work, and the question that came us was “is using Paypal PCI compliant?” We do not store any payment/cc info other then the registrant’s name and sometimes address, we push them to Paypal to pay, and when they are done paying we store the Paypal transaction ID. We have a SSL-certificate installed on our site (so it’s https://events.rrc.ca when they are filling out event registration stuff). We have a consultant saying that Paypal’s servers are in-scope in the latest iteration of PCI compliance madness. We disagree. But we’d like to hear your guy’s opinion on the matter.
Thanks!
Mike
|
|
Lorenzo Orlando Caum
|
August 27, 2014 at 2:54 pm
Hi Mike,
With PayPal Standard, the payment processing takes place on a secure PayPal server.
No transfer of funds occurs on your own site.
—
Lorenzo
|
|
IT Solutions RRC
|
August 27, 2014 at 3:04 pm
Does this mean we can continue to use this payment method and still be considered compliant?
|
|
Jonathan Wilson
|
August 27, 2014 at 3:49 pm
Hi there,
Yes. As long as you are using Paypal Standard, you shouldn’t have to worry much about PCI compliance. If you were using Paypal Payments Pro, then you would need an SSL (https://) on your server to remain in compliance.
Does that help?
|
|
IT Solutions RRC
|
August 28, 2014 at 8:50 am
Immensely, thank you!
|
