Do I need PCI compliance certification?
What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI-DSS) mandates requirements for secure handling of payment card account data to prevent exposure of that data to unauthorized parties, reducing the potential for card fraud due to theft of card account details. Systems which handle card payments must undergo an annual audit to certify that they adhere to this security standard and are thus "PCI compliant".
Do E-junkie sellers need to get certified for PCI compliance?
Unlike a traditional "licensed" e-commerce software package that gets installed on your server, E-junkie is a "hosted" e-commerce service which is centrally managed on our servers and shared in common among all sellers using our service to sell online. Since your server does not handle any actual payment-related data when you use E-junkie, you should not need to certify PCI compliance yourself, as our system is already certified PCI compliant and audited for this annually. This is somewhat akin to driving a rental car, where you don't need to handle vehicle registration because the car has already been registered by the rental agency.
For sellers who use our service with a supported payment gateway to accept card payments directly into their merchant account, we would host the secure checkout page for such payments, which simply transmits the buyer's card data directly to the payment gateway via a secure channel without retaining a record of the buyer's card account data at our end. Our system is pre-integrated with the payment gateways we support, so all their security vetting requirements and other back-end technical details have already been attended to. All you need to do is follow our integration procedure for the payment service(s) you wish to use, and card-based checkouts then "just work" from your E-junkie cart right away.
Not using a payment gateway?
For the other payment processors we support (PayPal Payments Standard and ClickBank), payment is arranged entirely on the payment processor's secure checkout site, independently of our system; the processor then simply notifies our system when they have completed the buyer's payment, so we can log and process the buyer's order (issue download links, send emails, etc.). Our system would not handle any actual payment funds or account data such as card/bank account details, so certification of PCI compliance at our end is not relevant in this case.