To know whether a PayPal user has to be PCI compliant, we should first know where the term PCI DSS compliance originated. PCI DSS is a set of requirements established by the major card brands to make payment card data more secure and free from breaches, and to keep the transaction process free from trouble.
The five major card brands, American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, combined their security requirements and brought the standard into existence in 2004. PCI DSS was built so that consistent security measures would be adopted worldwide.
PCI DSS requires every merchant that processes, transmits, or stores payment card data to be PCI DSS compliant. The requirements are necessary because of the security they provide for the company’s and the customer’s information.
Why do PayPal users need to be PCI Compliant?
A customer shopping online needs to pay for what he is purchasing. To pay, the customer clicks the pay button and buys the goods through his bank account, credit card or PayPal. In this case the customer is paying with PayPal, so the payment is made on a secure page hosted by PayPal.
Because PayPal stores customers’ credit card account data, PayPal itself must be PCI compliant. You don’t have to worry about the protection of your payment card data, and there is no need for you to restrict access to it. All of this is because PayPal is PCI compliant and maintains and regularly verifies the security of Website Payments Standard to give its customers’ data the best protection it can. By putting in so much effort and passion, PayPal has won more customers and is able to provide the best services to them.
How Successful PayPal has been
Website Payments Standard has received PCI DSS compliance certification under the MasterCard Site Data Protection Program and the Visa Cardholder Information Security Program. In addition, PayPal has been awarded certification under the American Institute of Certified Public Accountants’ Statement on Auditing Standards #70 (SAS70). This certification demonstrates the effort PayPal puts into securing its customers’ sensitive payment card data. Furthermore, fulfilling the Website Payments Standard makes PayPal even more decorated.
What Businesses must do
Businesses collecting payment card data for processing online payments are required to:
· Build and manage a secure network to provide protection to payment card data.
· Protect cardholder information.
· Develop a vulnerability management program.
· Monitor and test networks on a regular basis.
· Make a data security policy.
· Put strong access control into practice.
Everything has a price, and fulfilling these requirements takes a lot of time and money. Website Payments Standard does cost a handsome amount of money, but it manages all your customer data so that you can spend more time and resources on running your business and providing services to your customers.