
{"id":2288,"date":"2013-02-22T00:00:00","date_gmt":"2013-02-22T00:00:00","guid":{"rendered":"http:\/\/otava.test\/who-needs-pci-compliance-exactly\/"},"modified":"2013-02-22T00:00:00","modified_gmt":"2013-02-22T00:00:00","slug":"who-needs-pci-compliance-exactly","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/","title":{"rendered":"Who Needs PCI Compliance, Exactly?"},"content":{"rendered":"<p>We spend a lot of time talking about <a href=\"https:\/\/onlinetech.com\/compliant-hosting\/pci-compliant-hosting\/resources\/what-is-pci-compliance\">PCI compliance<\/a> here on the blog. And we have lots to say: there are so many little facets on the way to compliance that the conversations fall all over each other to be heard. So, we looked to the questions being asked by our customers, wanting to know what people who need the compliance really cared about, or where they needed some clarification.<\/p>\n<p>One of the biggest things we found was that many people who started conversations with us about PCI-compliant hosting actually didn\u2019t need it. The general presumption was that if a company sold things on their website, they would need <a href=\"https:\/\/onlinetech.com\/compliant-hosting\/pci-compliant-hosting\/overview\">PCI compliance for their hosting<\/a> environment. That\u2019s not necessarily the case, however.<\/p>\n<p>At a high level, any company that is going to accept credit card payments and store, process, and\/or transmit cardholder data will need to follow the PCI DSS put forth by the PCI SSC (Payment Card Industry Security Standards Council). Anyone with the ability to access the servers that hold a company\u2019s cardholder data will need to be compliant as well. 
This means that e-commerce businesses and app developers that accept credit card data, to name just a few, are going to have to think about PCI.<\/p>\n<p>However, some companies use third-party payment processors, like Google Checkout, Braintree, or Authorize.net. These payment processors move customers onto the processor\u2019s own site for the online payment. This means that the cardholder data is actually on the third party\u2019s servers, in an environment that\u2019s compliant. This option takes the merchant\u2019s site out of scope, and means that the hosting for their site does not have to be in a compliant environment, because they aren\u2019t processing, storing or transmitting cardholder data.<\/p>\n<p>If a company is using any merchant-managed e-commerce implementation, whether that means custom-developing their own payment application or using a commercial shopping cart that they host, they\u2019ll need a compliant environment for their hosting. Mapping out which implementation you have before speaking with a hosting provider will give you a better idea of what you need, so you can confidently walk into that discussion with a plan in mind.<\/p>\n<p>If you want more information about the different e-commerce implementations that are available, and suggested PCI DSS guidelines, check out the supplement that came out last month from PCI SSC, <a href=\"https:\/\/www.pcisecuritystandards.org\/pdfs\/PCI_DSS_v2_eCommerce_Guidelines.pdf\">PCI DSS E-Commerce Guidelines<\/a>. Also, we have a webinar on Tuesday, February 26th at 2pm that goes over recent updates to PCI compliance and should help answer questions about it. 
<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/pci-webinar-recap-updates-to-pci-dss-compliance-for-e-commerce-and-cloud-computing-security\/\">Sign up for it online here<\/a>.<\/p>\n<p>Relevant Supplementary Reading:<br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/attackers-aim-at-retail-food-service\/\">Attackers Aim At Retail, Food Service<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/your-cloud-hosting-provider-may-be-pci-compliant-but-that-doesnt-mean-you-are\/\">Your Cloud Hosting Provider May Be PCI Compliant But That Doesn\u2019t Mean You Are<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/understanding-big-pci-compliance-pitfalls\/\">Understanding Big PCI Pitfalls<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We spend a lot of time talking about PCI compliance here on the blog. And we have lots to say: there are so many little facets on the way to compliance that the conversations fall all over each other to be heard. So, we looked to the questions being asked by our customers, wanting to know what people who need the compliance really cared about, or where they needed some clarification. One of the biggest things we found was that many people who started conversations with us about PCI-compliant hosting actually didn\u2019t need it. The general presumption was that if a company sold things on their website, they would need PCI compliance for their hosting environment. That\u2019s not necessarily the case, however. At a high level, any company that is going to accept credit card payments and store, process, and\/or transmit cardholder data will need to follow the PCI DSS put forth by the PCI SSC (Payment Card Industry Security Standards Council). Anyone with the ability to access the servers that hold a company\u2019s cardholder data will need to be compliant as well. 
This means that e-commerce businesses and app developers that accept credit card data are going&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2288","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Who Needs PCI Compliance, Exactly? | OTAVA<\/title>\n<meta name=\"description\" content=\"Any company that is going to accept credit card payments, and store, process, and\/or transmit cardholder data will need to follow the PCI DSS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Who Needs PCI Compliance, Exactly?\" \/>\n<meta property=\"og:description\" content=\"Any company that is going to accept credit card payments, and store, process, and\/or transmit cardholder data will need to follow the PCI DSS.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-02-22T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta 
name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Who Needs PCI Compliance, Exactly?\",\"datePublished\":\"2013-02-22T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/\"},\"wordCount\":481,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/\",\"url\":\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/\",\"name\":\"Who Needs PCI Compliance, Exactly? 
| OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2013-02-22T00:00:00+00:00\",\"description\":\"Any company that is going to accept credit card payments, and store, process, and\/or transmit cardholder data will need to follow the PCI DSS.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Who Needs PCI Compliance, Exactly?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/s
chema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Who Needs PCI Compliance, Exactly? | OTAVA","description":"Any company that is going to accept credit card payments, and store, process, and\/or transmit cardholder data will need to follow the PCI DSS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/","og_locale":"en_US","og_type":"article","og_title":"Who Needs PCI Compliance, Exactly?","og_description":"Any company that is going to accept credit card payments, and store, process, and\/or transmit cardholder data will need to follow the PCI DSS.","og_url":"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/","og_site_name":"OTAVA","article_published_time":"2013-02-22T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Who Needs PCI Compliance, Exactly?","datePublished":"2013-02-22T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/"},"wordCount":481,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/","url":"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/","name":"Who Needs PCI Compliance, Exactly? 
| OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2013-02-22T00:00:00+00:00","description":"Any company that is going to accept credit card payments, and store, process, and\/or transmit cardholder data will need to follow the PCI DSS.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/who-needs-pci-compliance-exactly\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Who Needs PCI Compliance, Exactly?"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma 
Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2288"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2288\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2288"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}