What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI-DSS) mandates requirements for secure handling of payment card account data to prevent exposure of that data to unauthorized parties, reducing the potential for card fraud due to theft of card account details. Systems which handle card payments must undergo an annual audit to certify that they adhere to this security standard and are thus "PCI compliant".
Do E-junkie sellers need to get certified for PCI compliance?
Unlike a traditional "licensed" e-commerce software package that gets installed on your server, E-junkie is a "hosted" e-commerce service which is centrally-managed on our servers and shared in common among all sellers using our service to sell online. Since your server does not handle any actual payment-related data when you use E-junkie, you should not need to certify PCI compliance yourself, as our system is already certified PCI compliant and audited for this annually. This is somewhat like driving a rental car, where you don't need to worry about vehicle registration because the car has already been registered by the rental agency.
Sellers who maintain a card merchant account at their bank can use our service with Authorize.Net to take card payments directly, and in that case we would host the secure checkout page for such payments, which simply transmits the buyer's card data directly to Authorize.Net via secure channel without retaining a record of the buyer's card account data at our end. Our system is pre-integrated with Authorize.Net, so all their security vetting requirements and other back-end technical details have already been attended to -- all you need to do is enter your Authorize.Net API Login ID and Transaction Key in your E-junkie Seller Admin, then card-based checkouts instantly "just work" from your E-junkie cart right away.
Not using Authorize.Net?
For the other payment processors we support, our system does not handle any actual payment funds nor account data such as card/bank account details, so certification of PCI compliance is not relevant in this case. Most of our sellers simply integrate their E-junkie account with an independent payment processor such as PayPal or Google Checkout which have their own, secure checkout site to handle the actual payment phase of the buyer's purchase, then the processor simply notifies our system when they have completed the buyer's payment, so we can log and process the buyer's order (issue download links, send emails, etc.).
