Can I outsource PCI by outsourcing card processing?

No. The belief that outsourcing card processing makes an organisation automatically compliant is one of the top 10 myths listed on the PCI Security Standards Council website:

Organisations still need to address:
• Policies and procedures for cardholder transactions and data processing.
• Protecting cardholder data when you receive it
• Processing charge backs and refunds.
• Ensure that providers’ applications and card payment terminals comply with respective PCI standards

Outsourcing card processing to PCI compliant Gateways (such as Eway) can be a good solution for small to medium enterprises and can simplify the process of becoming compliant.

Posted in FAQ.