
David Warren
1,803 Points

PCI

I've just about got my website ready to go. It's a WordPress site that uses PaidMembershipPro. We are using Stripe as our gateway, and I think we need to be PCI compliant. My only problem is, I don't know the first thing about being PCI compliant. Is there a way to get this done without spending a week on it? Or am I about to embark on an epic journey of learning?

Hi David,

Does your site process the payment and send the information via the API to Stripe, or do you redirect to Stripe and then the customer gets sent back? If it's the first case, then you will need to be PCI compliant. If it is the second, then you shouldn't have to be, since you aren't "processing" the payments. You can start by contacting a PCI scanner. A list of them can be found at https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php. A few easy things to make sure of before starting: whether you're on shared or dedicated hardware. Multiple hosting companies won't alter running servers in order to proceed with PCI compliance.

David Warren
1,803 Points

Thanks Ralph! I appreciate the redirect.

2 Answers

Hi David,

It seems, from a little research, that Stripe is currently PCI compliant. See this link

Also, if you want a lot more info, check the link below.
PCI Wiki

James Barnett
39,199 Points

There's a near infinite amount of misinformation around PCI and people assuming they are compliant when it's highly likely they are not.

To get some understanding of how PCI applies to your business check out

https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_eCommerce_Guidelines.pdf

However, it's hard to understand how those very general guidelines apply to your specific situation, and the only people who can definitively answer that question are Qualified Security Assessors (QSAs).