This article will help you understand the scope of the rules around Payment Card Industry (PCI) Compliance, how Event Tickets helps with it, what is outside the scope of Event Tickets’s role, and how you can learn more.
What is PCI Compliance?
According to the PCI Security Standards website:
“The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.”
PCI Compliance is centered around preventing fraud, both with customer passwords and details, as well as credit cards. This list of rules and standards reflects how well an organization protects the sensitive data of any person that you collect information from.
Do I have to be PCI Compliant?
Anyone who collects sensitive personal information from their site visitors should be aware of compliance. More specifically, if you are transmitting credit card data on your website, your website should be PCI-DSS compliant.
One way to avoid this requirement is to use a third-party system to process payments. A common example of this is to use PayPal Standard to collect and process payment information on your website.
How do I check my compliance?
The latest version of PCI Compliance is PCI DSS 3.2. This new standard has two primary levels of PCI Compliance for anyone processing online payments: SAQ A, and SAQ A-EP.
How do you know which is right for you? The best way is to review their self-assessment questionnaires.
Where can I learn more about PCI Compliance?
If you have additional questions regarding PCI Compliance, we highly recommend reaching out directly to the PCI Security Standards team via their website. We are always happy to answer any questions you may have at The Events Calendar, but the PCI Security Standards team specializes in this topic.