
If I run a shopping cart application, does the web server need to be PCI compliant? The reason I ask is that I don't process the payments on the site anyway. The main payment method will be through PayPal.

I have not decided yet which shopping cart application I will use; it could be one of the following: OpenCart, Magento, Zen Cart.

Thank you for your input.

AakashM
user152235
  • Hard to answer. The only question there is "does the web server need to be PCI compliant?". The web server has nothing to do with PCI ... imho. – TarasB Dec 12 '10 at 08:07

1 Answer

No

Since PayPal will be handling credit card data.

See the PCI compliance FAQ:

Q: To whom does PCI apply?

A: PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

Community
Ape-inago
  • No problem, I didn't even know what PCI compliance was before this, but that site is very authoritative. I learned something too! – Ape-inago Dec 14 '10 at 15:19