GoDaddy Help

Secure payments



Major credit card companies have regulations that you must follow to prevent customers' private information from falling into the wrong hands. If you collect payment information, you must follow these regulations, even if you don’t process the payment yourself.

The Payment Card Industry Data Security Standard (PCI-DSS) includes requirements such as using a website firewall and an SSL certificate. These requirements ensure the secure transmission, storage and handling of cardholder information.

Why do I need secure payment?

You don’t want your visitors to be harmed because they visited your site and trusted you with their personal information. And if the credit card companies find out you're violating the PCI-DSS requirements, there are penalties and consequences. These can include fines, suspension of your ability to process credit card payments, and liability for fraudulent charges.

What do I need to do?

Warning: This is not legal advice. There may be additional laws, regulations and guidelines related to your commerce website.

For all online stores

  • Reduce your attack exposure: With PCI-DSS, everything is about reducing opportunities for bad actors to get cardholder data. Even if you use a third-party payment processor such as Stripe, Recurly or PayPal, you must follow the PCI-DSS requirements. Here are a few tips to secure payments on your ecommerce website:
    • Reduce the number of people who can make changes to your site and online store, or access customer information.
    • Use good passwords and 2-step verification.
    • To avoid vulnerabilities, regularly update your CMS and plugins.
    • Reduce third-party components such as plugins, extensions or themes. Whenever you add new features or components to your website, you’re also introducing potential for a vulnerability that can be exploited.
    • Install software from reputable sources only.
    • Keep your server software up-to-date.
  • PCI compliance and secure payments: To maintain compliance, ensure your website and payment processing meet the PCI-DSS Council requirements. Use the PCI Compliance Checklist to confirm you're fully compliant. Many online stores use a reputable payment gateway to help process credit card payments and transactions. While this can cover some PCI requirements, you're still responsible for making sure everything complies. Check out our guide to PCI compliance.

For fully managed online stores

For websites running managed stores, like Websites + Marketing Online Store, the server and all its software are proprietary, meaning you won't be held liable for security configurations.

You should still be familiar with the PCI-DSS standards, as they also apply to handling credit card data, either in person or over the phone. Use good passwords and 2-factor verification to protect your online store from being hijacked.

For self-hosted online stores

If you’re running a self-hosted store such as WooCommerce or Magento, ensure your server and software environments are secure and meet the PCI-DSS standards. This includes activating a web application firewall and installing an SSL certificate.
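The following is an added example, not configuration from this article or from any GoDaddy product, showing what "installing an SSL certificate" looks like in practice for a self-hosted store served by nginx: plain HTTP only redirects, the store is served over HTTPS only, older SSL/TLS versions are disabled, and browsers are told to keep using HTTPS. The hostname shop.example.com, the certificate and key paths, and the web root are placeholders to replace with your own values.

```nginx
# Added example (not from the GoDaddy article): force TLS for a self-hosted store on nginx.
# shop.example.com, the certificate/key paths and the web root are placeholders.

# Plain HTTP answers only with a redirect, so no page or checkout form is ever served in the clear.
server {
    listen 80;
    listen [::]:80;
    server_name shop.example.com;
    return 301 https://$host$request_uri;
}

# The store itself is served here, over HTTPS only.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name shop.example.com;

    ssl_certificate     /etc/ssl/certs/shop.example.com.fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/private/shop.example.com.key;          # placeholder path

    # Allow only current protocol versions; SSLv3 and TLS 1.0/1.1 are no longer considered secure.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

    # Instruct browsers to use HTTPS for this host for two years.
    # Enable this only after confirming the site works correctly over HTTPS.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

    root /var/www/shop;   # placeholder web root
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}
```

After installing the certificate, reload nginx and confirm that every http:// URL on the store (including the checkout page) returns a 301 to its https:// equivalent and that the certificate chain presented matches the hostname. A web application firewall, the other item the article calls for, sits in front of this server or runs as a module on it and is configured separately.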
