PCI Compliance
PCI compliance involves meeting a set of security standards that keep your systems secure - specifically around keeping your customers payment card details safe. You can read more about it on the Payment Card Industry Security Standards Council website - link to external site opens in a new window.
If you are running an online store and you take payments via the site it's likely you'll need to ensure your site, and the server it runs on are PCI compliant.
There are some ways around this - for example, the payment processor Stripe (link to external site opens in a new window) have plugins for a number of modern Content Management Systems (CMS) like WordPress/WooCommerce to take payments without those details being passed through or stored on your hosting server. This removes the need for PCI compliance. You'd still need to ensure you meet all other current regulations, including things like GDPR for privacy - but that's separate from PCI compliance.
Krystal's Premium/Business Tier servers are regularly scanned and passed as PCI compliant.
This is great news for you - it means that all of the servers core components have been validated as secure.
However, this is only part of the story - we scan and secure the server against its default URL - but you run and are responsible for your own site. If you run a PCI compliance scan against a site that has not been appropriately configured and secured it is likely to fail.
We will always do our best to help you achieve a pass - whether that's helping you implement security improvements - or by providing a mitigating reason for you to submit to your testing organisation.
If you have any question about PCI compliance or resolving issues on your site please contact support via your Krystal Client Area.
