Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: buckworks
My understanding is that the full dedicated server business is for businesses that are storing the whole works...full account numbers, expirations, magnetic stripe data etc.
Thats not true if you are on a shared server your next door neighbor might install some maleware on the server or exploit your script to save the credit card info just keep your imagination running
I host at rackspace and was quoted $7,000 to $10,000 per MONTH for PCI Compliance.
The card data is not on the server. We send it all through the gateway. That is MY POINT. We does someone like me even need to be PCI Compliant.
Don't necessarily offload credit card processing to a 3rd party, as someone suggested above. While it's true that you're not in the business of "processing payments", you are in the business of "order management", and a seemless Shop/ Checkout/ OrderStatus/ Reorder experience for the customer reflects a professional website, much more than a boomerang payment system that bounces a shopper to a different url for payment details. Especially for foreign shoppers, who might not recognize the url of a payment processor.
much more than a boomerang payment system that bounces a shopper to a different url for payment details.
When I discussed my procedure with my CC processing company, I was told that I didn't need PCI compliance with the way I'm doing things.