A little confused: if I outsource my credit card handling to, say, Google or PayPal, do I still need to pass PCI, or does it become irrelevant since I am outsourcing it?
PayPal Website Payments Pro and Google Checkout are PCI compliant, so if you are not storing credit card information and are just having them do the processing, I don't believe that you should need to do any additional PCI compliance, because you won't have a merchant account with anyone. You will still need to ensure that you have an SSL certificate for the site.
I would still, however, change from regular FTP to FTPES on your server and have all non-essential ports blocked. If you have a dedicated server you might even change your RDC port (3389) to a different port. These are some PCI compliance steps and they just keep ALL user data a bit safer. They're also just good practice in general.