Centennial Arts is frequently asked whether you can store credit card information within Magento. Unfortunately, the answer is not easy to find elsewhere, including on the Magento website. To answer the question properly, a few things need to be understood first, starting with why PCI compliance matters.
PCI compliance ensures that merchants safeguard their customers' payment card information. It means meeting a set of security requirements that cover policies and procedures, software design, and network architecture.
Centennial Arts Understands the Importance of Being PCI-Compliant on Magento eCommerce Services
Being PCI-compliant is not optional for merchants who process credit cards or store cardholder information. The card brands require merchants to handle this information securely at all times. Merchants who fail to comply with PCI requirements can expect significant fines and, ultimately, the loss of their ability to process card payments.
Let Centennial Arts help you make sure your Magento eCommerce store is PCI-compliant. We are one of very few companies that offer Magento eCommerce application support for any issues that may arise with your online store. Our Support Packages include bug fixes, text and code changes, consulting on all aspects of your website, training on online documentation, and phone support, so that each client's individual design and support needs are met.
How to be PCI-Compliant on Magento with Centennial Arts
You have a few options for achieving PCI compliance in Magento, but they may require changes to how you handle credit card processing. Take note of how Magento Professional and Enterprise Editions approach this: Magento did not make the eCommerce software itself PA-DSS certified. Instead they created a separate, stand-alone component called "Payment Bridge" that handles all of the credit card processing, and it is that component that is PA-DSS certified. Using it for card transactions means the PA-DSS burden no longer rests on the eCommerce platform but specifically on the processing system (Payment Bridge). There are several reasons for this design, but in short it lets Magento take creative liberties with the platform without having to jump through hoops to get every release re-certified.
While Payment Bridge is not currently available for Community Edition, there are several options for achieving PCI compliance on Magento, including:
Third-party payments such as PayPal Express can be used. With this option the card data is entered on the payment provider's site and never reaches your server, which keeps most of the PCI requirements out of scope for your store (you are still responsible for confirming your reduced-scope obligations with your acquirer, since fully outsourcing card handling shrinks the compliance effort rather than removing it). The trade-off is that your customers are redirected to the payment provider's site and have to leave your website, which can be inconvenient and interrupt the buying process.
Another option is a SaaS PCI-compliant payment application, for example CRE Secure. The customer is still taken to another website (the URL changes), but the hosted form can be customized to look consistent with your store.
Lastly, you can use the Magento Payment Bridge, which is PA-DSS validated. It is available free of charge with the purchase of the Enterprise and Professional Editions of Magento and therefore requires an upgrade from Community Edition. If you choose this route, there are also technical requirements for PCI-compliant hosting of both the website and the database. Of the three options here this is the ideal one, since it provides a seamless user experience, but it is also the most expensive.
These are just a few of the ways you can stay PCI compliant when accepting credit cards on Magento without storing card data on your own servers. Don't hesitate to contact us here at Centennial Arts with the link below for more information or if you have questions!