PCI-DSS Compliance & Sightly

The following document defines PCI-DSS and the compliance requirements your Sightly storefront must meet to accept payments.

What is PCI-DSS

PCI-DSS (Payment Card Industry Data Security Standard) is a set of actionable rules defined by the Payment Card Industry Security Standards Council to develop and drive adoption of data security standards and resources for safe payments worldwide.

These rules apply to anyone who stores, processes, or transmits cardholder data, which, at a minimum, consists of the full primary account number (PAN) – a unique payment card number that identifies the issuer and the particular cardholder account. For more information about PCI-DSS, please review the Quick Reference Guide here.

Do I need to be PCI-DSS Compliant?

If you plan to store, process, or transmit cardholder data, then you will need to be PCI-DSS compliant.

If you are taking payments off server through a PCI-DSS compliant gateway that uses its own servers to take payments (Stripe, Elavon), and you are not collecting, transmitting, or processing cardholder data, PCI-DSS is not applicable to you.

Recommended Payment Gateways

At Sightly, we use two payment gateways to accept PCI compliant payments with our Sightly ePayments offering:

  • Elavon - Converge
  • Stripe

What makes Sightly ePayments PCI Compliant?

Sightly ePayments uses a hosted payment field for handling all payment card data, so the cardholder enters all sensitive payment information in a payment field that originates directly from our partner’s PCI DSS validated servers. This means the card data is not stored directly on your Sightly storefront.

Sightly ePayments is built in partnership with Stripe & Elavon Converge. In addition to this information, the Stripe team has written their own in-depth article, A guide to PCI compliance, and the Elavon team has written their own in-depth article, Security and PCI DSS compliance validation.

What data is stored?

Sightly stores the data entered in the other checkout fields, such as name, address, and country. This data is kept separate from the card data, such as the full card number (PAN) and CVC.
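The separation described above only holds if card numbers never end up in the fields the storefront does store. Customers occasionally type a card number into a notes or address box, which would pull that record back into PCI-DSS scope. The following is an added example, not Sightly's or its partners' code, of a server-side screen a storefront operator can run over the non-card checkout fields before saving them: it looks for digit runs that pass the Luhn checksum (the check digit scheme payment cards use) and redacts them to the last four digits. The field names, the 13 to 19 digit length window and the sample submission are assumptions constructed for the example.

```javascript
// Added example (not Sightly's code): screen the checkout fields a storefront
// stores (name, address, notes, ...) for anything that looks like a primary
// account number (PAN) before the record is written, so that card data a
// customer typed into the wrong box is not retained by the storefront.

// Luhn (mod 10) checksum used by payment card numbers.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Candidate PANs: 13 to 19 digits, optionally separated by spaces or dashes
// (length window is an assumption covering common card brands).
const PAN_CANDIDATE = /\b(?:\d[ -]?){12,18}\d\b/g;

function isPan(candidate) {
  const digits = candidate.replace(/[ -]/g, '');
  return digits.length >= 13 && digits.length <= 19 && luhnValid(digits);
}

// Return every Luhn-valid card-like number found in a text value.
function findPans(text) {
  const hits = [];
  for (const m of String(text).matchAll(PAN_CANDIDATE)) {
    if (isPan(m[0])) hits.push(m[0]);
  }
  return hits;
}

// Mask every detected PAN, keeping only the last four digits.
function redactPans(text) {
  return String(text).replace(PAN_CANDIDATE, (m) => {
    if (!isPan(m)) return m;
    const digits = m.replace(/[ -]/g, '');
    return '*'.repeat(digits.length - 4) + digits.slice(-4);
  });
}

// Inspect a checkout submission. Returns the names of the fields that
// contained a PAN and a copy of the record with those values redacted,
// which is the version that should be stored (and logged for follow-up).
function screenCheckout(fields) {
  const flagged = [];
  const safe = {};
  for (const [name, value] of Object.entries(fields)) {
    if (findPans(value).length > 0) {
      flagged.push(name);
      safe[name] = redactPans(value);
    } else {
      safe[name] = value;
    }
  }
  return { flagged, safe };
}

// Constructed sample submission: the notes field carries a well-known
// test card number that a customer might paste in by mistake.
const sampleCheckout = {
  name: 'A. Customer',
  address: '12 High Street',
  country: 'GB',
  notes: 'Please charge 4111 1111 1111 1111 instead',
};

const result = screenCheckout(sampleCheckout);
console.log('fields containing card data:', result.flagged);
console.log('record safe to store:', result.safe);
```

Running the block prints that only the notes field was flagged and shows the redacted record; the name, address and country fields pass through untouched. The redacted copy is what the storefront should persist, and the flagged field list is worth recording so recurring leaks from a particular form field can be spotted.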

PCI-DSS Core Requirements

The 12 core PCI-DSS requirements can be found on the PCI Security Standards Council web site.

Further Information

If you require further information, please contact us via our Support page.