PCI Compliance

PCI compliance requires meeting security standards that protect your systems, specifically your customers' payment card data. For more details, visit the Payment Card Industry Security Standards Council.

If you run an online store accepting payments, your site and server likely need to be PCI compliant.

There are ways around this: payment processors like Stripe offer plugins for CMS platforms like WordPress/WooCommerce to handle payments without storing card details on your server, which bypasses the need for PCI compliance. You must still meet other regulations like GDPR for privacy, but this is separate from PCI compliance.

Krystal’s Premium/Business Tier servers are regularly scanned and certified PCI compliant, ensuring core server components are secure.

However, PCI compliance requires that you have your site scanned by a PCI compliance scanner. These scans may return failures, such as Common Vulnerabilities and Exposures (CVEs), which are often part of the process. These scanners only analyze external aspects of your site and lack insight into its internal configurations, so they may flag false positives. You’ll need to review and submit these false positives to your scanning provider to achieve a pass.

For help with this, refer to our False Positive Guide.

