
March 28, 2023
by David Goodale

PCI Compliance and WooCommerce - What You Need to Know

(Slightly edited from video transcript for greater readability)

Key Takeaways

Encryption is a must-have: Encrypt all cardholder data when stored or transmitted to avoid unauthorized access.
Use a secure payment gateway: Choose a payment gateway that is PCI compliant and SSL certified to reduce the risk of a breach.
Limit data storage: Store only the necessary card data and remove any data that is not needed to minimize potential losses.

Hello, David here at Today I'm going to talk about PCI compliance, WooCommerce and the challenges that it can sometimes pose. Stay tuned, we'll dive into the topic in just a moment.



WooCommerce is an amazing platform that is both free and popular, and it integrates seamlessly with WordPress. While no solution is perfect, there's not much to dislike about WooCommerce, which is why it's so widely used. Running your own software does come with a challenge, though, compared to using a subscription-type platform like Shopify. If you're using Shopify, Shopify hosts your website on its own server. This means that if there's a problem with the server, someone at Shopify will quickly address it, and you won't have to worry about it. However, if you're running WordPress and WooCommerce, you'll be responsible for handling any technical issues.


PCI compliance

This brings us to the topic of PCI compliance. PCI, which stands for Payment Card Industry, is all about e-commerce security. As an online merchant, it's important to ensure that your website is PCI compliant in order to protect your customers' payment information and prevent data breaches.

How does your business handle sensitive credit card numbers? It's an important issue that all businesses have to deal with, but it can be a real pain. The best solution is to never touch or store credit card numbers at all. By redirecting users to another page when it comes time to enter their payment information, you can significantly reduce your scope of responsibility. If the payment page is hosted off your website, you'll qualify for SAQ A, which is the easiest version of the PCI compliance questionnaire.

My point is that some payment gateways offer advanced integration methods that allow you to offload the handling of credit card data. This can make the process much simpler and more secure for your business, so it's worth looking into.

Does your payment gateway collect the credit card number?

Some payment gateways require customers to physically type their credit card numbers on your website. If you're using WordPress with one of these gateways, you'll likely need to complete one of the more advanced PCI compliance questionnaires. This is a challenge that you need to be aware of, and unfortunately, there's no easy solution.

One option is to use a payment gateway that doesn't require you to handle credit card data at all. Alternatively, you could look for a WordPress or WooCommerce hosting provider that is PCI compliant, which would help ensure that your environment is secure and make completing the questionnaire easier.

Ultimately, it's important to talk to your chosen payment processor and make sure you understand their requirements. Let them know that you're using WooCommerce and ask if the recommended payment gateway is the best option for your business.

If you're wondering how this affects your PCI compliance, your payment processor should be able to provide guidance on what you need to do to be compliant or offer advice on how to simplify the process. At, we assist with these types of issues regularly, so if you're a WooCommerce merchant and have questions about PCI compliance or payment processing, please don't hesitate to reach out to us.


I could provide further detail on this topic, so if you'd like a deeper dive, please leave a comment in the comments section. Ultimately, the ease of using WooCommerce for e-commerce and the level of PCI compliance required depend on the integration method used when sending transactions to your chosen payment gateway. I hope this explanation makes sense, and I hope I did a decent job of explaining it. Thanks for watching, and have a great day. Bye for now.

David Goodale About the Author

My name is David Goodale, CEO at Merchant I launched our business in 2001 and have over 20 years of expertise in the field of online payments. If you have a payments related question or project, and especially if it relates to multi-currency or international e-commerce don't hesitate to contact me. I'm always happy to help with an honest opinion, and enjoy chatting with folks from interesting businesses.
