Why You Should Outsource Your PCI Compliance

This post has been written by PayFast

First of all, what is PCI DSS Compliance? PCI DSS stands for Payment Card Industry Data Security Standard and is a PASA (Payment Association of South Africa) regulation in South Africa. This means any company accepting credit card payments on their website needs to comply in some way. When you accept card payments on your website, you need to make sure you process cardholder data in a secure environment, and this is where PCI compliance comes in.

Now, you could do this all yourself and there are companies that do. However, the process of becoming PCI Compliant is a tricky and laborious one, especially for small businesses who don’t have the manpower or technical ability to go through the process. Here are some steps you would need to follow to be PCI Compliant:

  • Continuously monitor firewalls and put in place intrusion detection systems and antivirus software.
  • Ensure that security control failures are detected and fixed immediately when they occur.
  • Build and maintain a separate and secure cardholder data network.
  • Ensure centralised and tamper-proof logging that is stored for at least 5 years.
  • Go through yearly reviews of hardware and software being used.

If the above information is giving you cold sweats, outsourcing is your friend. One option is to use a payment processing service that is already PCI compliant; that way you don’t have to do a thing. Did we mention that PayFast is a PCI DSS Level 1 Service Provider? This means we’ve been through the above steps and are assessed annually to make sure our system is rock solid to protect you and your buyer’s information.

The way this system works is that when a buyer makes a payment on your site, they will be redirected to our payment page where they will enter their card details within a secure environment. This redirect process ensures that you keep well away from handling card information and maintain the most secure and reliable solution for your customers. 3D Secure is handled on the same page to keep the user experience as seamless as possible while maintaining a sense of safety. Once payment has been made, your buyer will be redirected back to your site.
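To make the redirect model concrete, here is an added illustration of what the merchant side of such a flow looks like. This is example code written for this post, not PayFast’s integration or SDK: the hosted page URL, the field names, the shared secret and the HMAC signature scheme are all assumptions. The point it shows is twofold: the redirect the merchant builds carries no card fields at all, and the result that comes back with the buyer’s browser is verified (signature, order id, amount and status) before the order is marked paid, because the browser is not a trusted party.

```python
"""
Hypothetical merchant-side code for a hosted-page redirect payment flow.
The merchant never sees card numbers: it only builds a redirect to a hosted
payment page and verifies the signed result that comes back. URL, field
names and signature scheme are assumptions for this example, not a real
provider's API.
"""
import hmac
import hashlib
from urllib.parse import urlencode, parse_qs

# Constructed values: a hosted payment page URL and the per-merchant shared
# secret a provider would hand out. Neither is a real endpoint or key.
HOSTED_PAYMENT_URL = "https://payments.example.invalid/pay"
MERCHANT_SECRET = b"example-shared-secret"


def sign(fields: dict, secret: bytes) -> str:
    """HMAC-SHA256 over the fields in a fixed (sorted) order (assumed scheme)."""
    canonical = "&".join(f"{k}={fields[k]}" for k in sorted(fields))
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def build_redirect_url(order_id: str, amount_cents: int, return_url: str) -> str:
    """
    Build the URL the buyer is sent to. Note what is NOT here: no card number,
    expiry or CVV. Card fields are entered on the hosted page, so they never
    transit the merchant's servers, forms or logs.
    """
    fields = {
        "order_id": order_id,
        "amount": str(amount_cents),
        "return_url": return_url,
    }
    fields["signature"] = sign(fields, MERCHANT_SECRET)
    return f"{HOSTED_PAYMENT_URL}?{urlencode(fields)}"


def verify_return(query_string: str, expected_order_id: str,
                  expected_amount_cents: int) -> bool:
    """
    Verify the result the buyer's browser carries back to the merchant site.
    The browser is untrusted, so check the provider's signature AND that the
    order id, amount and status match the merchant's own records before
    treating the order as paid.
    """
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    received_sig = params.pop("signature", "")
    if not hmac.compare_digest(received_sig, sign(params, MERCHANT_SECRET)):
        return False
    return (params.get("order_id") == expected_order_id
            and params.get("amount") == str(expected_amount_cents)
            and params.get("status") == "COMPLETE")


def simulate_provider_response(order_id: str, amount_cents: int, status: str) -> str:
    """Stand-in for the hosted page's redirect back (constructed for the demo)."""
    fields = {"order_id": order_id, "amount": str(amount_cents), "status": status}
    fields["signature"] = sign(fields, MERCHANT_SECRET)
    return urlencode(fields)


if __name__ == "__main__":
    url = build_redirect_url("ORD-1", 12500, "https://shop.example.invalid/return")
    print("redirect buyer to:", url)
    back = simulate_provider_response("ORD-1", 12500, "COMPLETE")
    print("genuine result accepted:", verify_return(back, "ORD-1", 12500))
    print("tampered amount rejected:",
          verify_return(back.replace("amount=12500", "amount=1"), "ORD-1", 1))
```

In practice the browser redirect is only the buyer-facing half of the result; integrations normally also rely on a server-to-server notification from the provider and reconcile against it, so that a buyer who closes the window before the redirect, or edits the return URL, cannot leave the merchant with a wrong order state.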

PCI Compliance is something PayFast takes very seriously and by offering a redirect payment procedure, our merchants don’t have to worry about being compliant because they never handle card details directly on their site. Without this redirect method, our merchants would need to brave the PCI process themselves. This is just one of the ways we help businesses avoid the red tape to get online and start accepting payments.

If you want more information about PCI compliance, read the PCI Council’s Best Practices for Securing eCommerce document released earlier this year, or contact our support team on support@payfast.co.za and we will give you all the information you need.