The best way to handle credit card data on a site is to use a third-party payment processor. Most eCommerce platforms support third-party processors by default, including WordPress platforms. By handling credit card data this way, you can avoid dealing with a complicated set of security policies called PCI-DSS.
There are plenty of third-party processors to choose from, and Flywheel works with nearly all of them. A few of these processors include: Braintree, Authorize.NET, Stripe, and PayPal. Flywheel also works with nearly every WordPress eCommerce product. These eCommerce solutions tie into the third-party processors mentioned above for managing your products, shopping carts, and checkout process. Some of these eCommerce platforms include: WooCommerce, Cart66, Shopp, and MarketPress.
Flywheel meets PCI-DSS requirements for sites that don’t process, handle, or store credit card data. That means, as long as you’re using a third-party processor to handle credit card data, your site will meet PCI-DSS requirements.
Questions come up about PCI-DSS compliance a lot, and there’s a lot of confusion about what PCI-DSS means. It’s impossible for any web hosting company, Flywheel included, to be PCI-compliant. Becoming fully PCI-compliant requires that you provide information about things like: how you control access to your site, who can access your codebase, how you store data on the server, how your site’s data is transferred, and more. As your web host, Flywheel doesn’t have control over most of those things, and therefore can’t be PCI-compliant.
As we mentioned above, since Flywheel itself cannot be PCI-compliant, the best way to handle credit card data and remain PCI-compliant is by using a third-party processor. That way, the transaction is processed through a separate service that is itself PCI-compliant. By doing this, you’ll be sending customers to a payment processor that is better equipped to handle credit card data, so you don’t have to worry about handling it yourself.
We’re happy to work with you to get an eCommerce site set up safely and securely, from implementing a third-party payment processor to setting up an SSL certificate on your site.
Flywheel takes security very seriously, and we have strict policies and procedures regarding physical access to servers, how data is stored, how we log activity, and more. Many of those things are part of meeting PCI requirements, but don’t make you “PCI-compliant” automatically.
PCI-DSS compliance is the responsibility of the site owner, and the best way to be compliant is to design your site in a way that doesn’t require PCI compliance at all.