Do we need to be PCI DSS compliant on accepting credit card payments?
Posted on 2008-10-30
Authorize.NET claims that AIM method can be used to make the customers enter the Credit Card information in our website and that the transaction happen in the background. Typically, I assume that the CC data is transferred to them. PCI DSS states that:
"A company processing, storing, or transmitting payment card data must be PCI DSS compliant. Non-compliant companies who maintain a relationship with one or more of the card brands, either directly or through an acquirer risk losing their ability to process credit card payments and being audited and/or fined"
We would like to use AIM method of Authorize.NET (on an internet merchant account) on our SSL page to accept (or transfer) CC payment from our customers. Do "we" need to get PCI DSS compliance and does it cost $?