Payments - PCI Compliance

PCI Compliance is an important security measure to protect credit card data. If payment integration is with Global Payments (OpenEdge), CardConnect, Square, or PayPal, they are automatically PCI compliant as the card data passes directly from client to merchant provider, but for others (, PayJunction), it runs through our server first, and even though we don't store the card details, since it first goes through our server before passing to the merchant gateway, it would be deemed non-compliant.

Many merchant providers charge a PCI compliance fee or non-compliance fee. Sometimes they tell you it's because you aren't compliant and sometimes they tell you the fee is passed on to you to cover their own costs to be PCI compliant. Either way, it never hurts to call and ask your merchant provider to see if you can avoid those fees.

Global Payments (OpenEdge)

To avoid a monthly non-compliance fee showing up on your merchant account statement, please read the following. You'll need to fill out the questionnaire when you first start, and then also annually (you should get an email notifying you of this)


1. Go to and login
2. Answer the basic info about your business
3. Payment Related Services: No
4. Processing Method, choose: Processing using a shopping cart
4a. Shopping Cart: Payment page entirely outsourced

5. For the company policy, choose the 'I do not have one, I will implement template'
6. Scan site, wait for email in a few days to resolve issues.
7. The scan results will need manual intervention to resolve: 
- mark related hosts to no
- in special requests mark all as 'securely implemented'
- in the vulnerabilities, filter by pci compliant No, and mark as false positive with reason: security patches are applied nightly

Video walk-through:

Card Connect

SecureTrust is their compliance partner. You can reach them at 877-257-0239. You'll need your merchant number. When they ask you how you accept payments, you need to answer as follows: "I use CardConnect's Hosted iFrame tokenizer."

Below is a guide to accurately answer the CardConnect PCI questionnaire.

Square & PayPal

No action is needed.

Is this article helpful?
0 0 0