Is my website PCI DSS compliant? Yes. Assuming you are not using an offline credit card payment method that stores details on your computer or website, WooCommerce is PCI DSS compliant for the aspects that are relevant to this policy.

To ensure you stay compliant:

  1. Choose a trusted, secure hosting provider – preferably one which claims and actively promotes PCI compliance. Cheap, shared hosts are unlikely to cover this.
  2. Use security best practices when setting passwords and limit access to your server.
  3. Never store credit card details anywhere.
  4. With the aid of your hosting provider, implement SSL to keep your checkout secure.
  5. Keep installed plugins to a minimum; remember, compliance covers all installed software so that includes plugins and WordPress itself.
  6. Keep plugins up to date to ensure the latest security fixes are present.
  7. Working with your payment processor, use an ASV (approved scanning vendor) to scan your site and find issues, then fix any identified issues until the site passes the scan.

For more details and a longer explanation, see:

docs.woothemes.com/document/pci-dss-compliance-and-woocommerce/
