What is PCI Compliance?
Payment Card Industry (PCI) compliance is an official policy, created by the major credit card companies and the PCI Security Standards Council, to ensure the overall security of credit card transactions. The guidelines set out both technical and operational standards that all businesses must follow to protect the credit card data provided by cardholders.
Why is PCI Compliance Important?
PCI compliance helps you, as a merchant, as well as payment gateways, to avoid fraudulent activity and to reduce cardholder data breaches.
Are you responsible as a merchant?
The short answer is no. Stripe assumes this risk on your behalf, as they are the ones that store all cardholder data.
- Build and Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
In addition to the goals listed above, there are also varying levels of PCI compliance, based on the number of transactions processed yearly.
| Level | Transactions per year |
|---|---|
| Level 1 | 6M+ |
| Level 2 | 1M-6M |
| Level 3 | 20K-1M |
| Level 4 | Less than 20K |
Is Stripe Terminal PCI Compliant?
The BBPOS Chipper 2X BT from Stripe Terminal is pre-certified with Stripe, meaning that there is nothing additional your business will have to do to become PCI compliant. Because Stripe Terminal communicates only with Stripe, you do not need to store any cardholder information on your own servers. Everything is stored securely at Stripe, with the brightest minds in the industry protecting the data.
Are the Payment for Stripe apps PCI compliant?
The Payment for Stripe apps are Verified Stripe Partners, which have already integrated with Stripe Terminal. In essence, this means that the Payment for Stripe apps, while using all of the proper tooling and software development kits from Stripe, are also pre-certified to be PCI compliant. The Payment for Stripe apps do not store any cardholder data, as all information is just passed along to Stripe using the highest security standards available.
In addition, when manually keying in cardholder information, the Payment for Stripe app has also completed a PCI-DSS Self Assessment (the most recent standard from May 2018) to the satisfaction of both Stripe and the major credit card companies. Since Payment for Stripe does not store any cardholder data, there is no risk of a data breach.
The only company that holds your cardholders' financial information is Stripe.
Learn more about the Stripe Terminal Card reader for the Payment app: Card Readers