Fill out the SAQ-EP if you are a normal self hosted ecommerce site that outsources their payment to a 3rd party. Self Assessment Questionnaire (SAQ).
http://www.pci-initiative.org/content/saq-ep-partially-outsourced-e-commerce-merchants
https://www.pcicomplianceguide.org/saq-a-vs-a-ep-what-e-commerce-merchants-service-providers-need-to-know-now/
Worth noting that others may interpret this differently:
http://stackoverflow.com/questions/21484714/is-pci-saq-a-sufficient-for-an-ecommerce-website-with-a-custom-payment-page
https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Why-is-SAQ-A-EP-used-for-Direct-Post-while-SAQ-A-is-used-for-iFrame-or-URL-redirect
Just fyi (shameless affiliate link coming up), WPEngine host is PCI Compliant “as long as no payment card data is stored, hosted, or otherwise processed by WP Engine…”
Leave a Reply