The best way to handle credit card data on a site is to use a third-party payment processor. Most eCommerce platforms support third-party processors by default, including WordPress platforms. By handling credit card data this way, you can avoid dealing with a complicated set of security policies called PCI-DSS.
There are plenty of third-party processors to choose from, and Flywheel works with nearly all of them. A few of these processors include: Braintree, Authorize.NET, Stripe, and PayPal. Flywheel also works with nearly every WordPress eCommerce product. These eCommerce solutions tie into the third-party processors mentioned above for managing your products, shopping carts, and checkout process. Some of these eCommerce platforms include: WooCommerce, Cart66, Shopp, and MarketPress.
Flywheel meets PCI-DSS requirements for sites that don’t process, handle, or store credit card data. That means, as long you’re using a third-party processor to handle credit card data, your site will meet PCI-DSS requirements.
Questions come up about PCI-DSS compliance a lot, and there’s a lot of confusion about what PCI-DSS means. It’s impossible for any web hosting company, Flywheel included, to be PCI-compliant. Becoming fully PCI-compliant requires that you provide information about things like: how you control access to your site, who can access your codebase, how you store data on the server, how your site’s data is transferred, and more. As your web host, Flywheel doesn’t have control over most of those things, and therefore can’t be PCI-compliant.
Like we mentioned above, since Flywheel itself cannot be PCI-compliant, the best way to handle credit card data and remain PCI-compliant is by using a third-party processor. That way, the transaction is processed through a separate service that is itself PCI-compliant. By doing this, you’ll be sending customers to a payment processor that is better equipped to handle credit card data without having to worry.
Flywheel takes security very seriously, and we have strict policies and procedures regarding physical access to servers, how data is stored, how we log activity, and more. Many of those things are part of meeting PCI requirements, but don’t make you “PCI-compliant” automatically.
PCI-DSS compliance is the responsibility of the site owner, and the best way to be compliant is to design your site in a way that doesn’t require PCI compliance at all.
Flywheel’s servers are always prepared to handle your eCommerce needs!
If you have any questions our Happiness Engineers are here to help!
New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!View all
Learn all about managing your Flywheel user account, Teams and integrations.View all
Everything about billing, invoices and payments can be found here.View all
Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!View all
All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!View all
Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.View all
Learn how to connect, deploy, and more with SSH on Flywheel's platform.View all
Learn more about Growth Suite, our all-in-one solution for freelancers and agencies to grow more quickly and predictably.
Getting started with Growth Suite
Growth Suite: What are invoice statuses?
Growth Suite: What do client emails look like?
Learn more about Managed Plugin Updates, and how you can keep your sites up to date, and extra safe.
Managed Plugin Updates: Database upgrades
Managed Plugin Updates: Pause plugin updates
Managed Plugin Updates: Plugin Security Alerts
We can help! Check out our Brand Resources page for links to all of our brand assets.Brand Resources