PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, policies, processes, regular security scans, other payment methods offered, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't store or log confidential cardholder data, or do anything else that would bring you under scrutiny.
This extension implements CyberSource Secure Acceptance Hosted Checkout for all our credit card forms, and does not support collecting credit card data by any other means. That means credit card data is entered directly on webpages hosted by CyberSource, and credit card numbers never touch your website or server directly. That makes the ParadoxLabs CyberSource payment method eligible for PCI v3.2 Self-Assessment Questionnaire A (PCI SAQ A), the simplest possible form and process.
Note that you must have SSL enabled on all checkout and login forms, and that this eligibility only applies to this specific payment method. Any other payment methods or credit card handling your business may perform will have its own SAQ eligibility, and may require you to complete a more stringent SAQ form.
For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article