PCI Compliance on Non-Transacting Website?

@BetL925

Posted in: #PciCompliance

I was wondering if anyone has any experience with an employer that is requesting their site be made PCI Compliant whilst not having any credit card data stored or transmitted through it.

The site is for a restaurant, and they do have links to a site that sells their gift cards and a site that takes reservations and requires a credit card for certain-sized parties, but beyond that, it is an informative site with images and doesn't sell anything on its own.

The client states that the bank is requiring PCI Compliance because of those links on the page, despite the site not storing or transmitting anything via any form of its own.

Just wondering if anyone had dealt with a situation like this in the past and if the Self-Assessment Form was sufficient for a bank requesting PCI Compliance. Some of the rules seem a bit extreme.




@Kristi941

You do need to be PCI compliant because you do capture and handle credit card information. It doesn't require you sending it to a bank or storing it. Just having it in your system at any time puts you within PCI scope.

The self-assessment is good, but to be sure you are actually 100% compliant you should have an auditor check your system. They will be unbiased and detail issues you may not be aware of.

Whoever is telling you that you need to be PCI compliant because you link to sites that accept credit cards for payment is mistaken. Your site does not have credit card information pass through your system, so you are outside of the scope of PCI. But if you share a database with any of these sites and have access to their payment data, you enter a gray area and probably either fall under PCI already or will soon, because the rules get stricter every year.
