Staying PCI compliant
The Payment Card Industry Security Standards Council sets forth security standards to protect credit card data called the Payment Card Industry Data Security Standards (PCI-DSS or PCI for short). Entities that transmit, process or store credit card information are expected to abide by PCI.
You can use hosting to set up your online presence and product catalog. You can then work with a third-party provider to process payments on your behalf to keep credit cards off your server (for example: PayPal Checkout, Square Online Checkout and Stripe Checkout). Make sure you're aware of any other requirements to keep your business PCI compliant.
If you prefer to accept payments directly on your site, we offer PCI-certified products like GoDaddy Payments, Online Store, and Online Appointments. PCI compliance is a joint effort. When you use one of our PCI-certified solutions, we design our processes and systems to protect your customers' credit card information and need you to protect your account.
GoDaddy Payments, Online Store and Online Appointments
Payments through Online Store and Online Appointments are integrated with third parties that process credit card information in their secure environments. These products use a small amount of code on your website to enable your customers to enter credit card information directly on the site. This enables you to achieve PCI compliance by taking a few steps to protect your account:
- User Management
  - Always assign users a unique ID and use strong passwords.
  - Don't use group, shared or generic IDs or passwords.
  - Remove users when they should no longer have access.
- Paper (non-digital) Records
  - If you collect credit card information on paper, make sure to control access to the information and destroy it when it's no longer needed.
- Service Provider Compliance
  - If you use services to manage paper records or manage your account, make sure the service provider has acknowledged their responsibility for safely handling credit card data and you're confident they're fulfilling their obligations.
- Incident Response Plan
  - Make sure you have a list of who you need to reach out to and how you will handle customer communication in case of a data breach.
- PCI Self-Assessment Questionnaire
  - Submit PCI Self-Assessment Questionnaire A (PCI SAQ-A) with your processor (Stripe, Square or PayPal).
Note: If you accept payments over the phone, you may be subject to added requirements to secure your phone systems and computers used by your call center agents.