I'm wondering if anyone can give me some advice. The whole idea of PCI compliance, frankly, frightens me to death and looks like it costs a fortune for small businesses.
I've been wanting to take card payments online through my VirtueMart store, as more and more customers are wanting direct card payments.
My current options are PayPal, cheque & postal order. I've partly solved the problem by signing up for a virtual terminal with PayATrader, which allows me to take card details over the phone and input the details straight into the terminal (PCI compliant as long as I don't record any of the details, which I don't).
Taking orders over the phone means they must ring when I'm 'working' (self-employed), or when I'm not looking after my son (full-time carer). Which doesn't happen often!
However, I've found an addon for VirtueMart which takes users' card details at the checkout. It states itself as PCI compliant because it stores half the card number in the database and the other half in the admin back end. Therefore at no one point is there a complete card number accessible.
I've been debating whether to get it; the last thing I want to do is get into trouble. Does it sound too good to be true? Would I still need or the server virus scans and whatever restrictions they put in place to be PCI compliant?
Being able to take card payments at the checkout will give me a distinct advantage.
Any ideas?