It is exciting to finally have Secure Hosted Payments for WooCommerce live and ready for action. It has literally been years in the making. Combining simplicity with security is a tricky thing to do. Let me share a couple reasons why we built this app and why it might be something you’d be interested in checking out. It’s not often that “best” and “easiest” come together in the same place.
Secure Hosted Payments for WooCommerce
The name pretty much says it all: this service provides a secure, PCI compliant hosted payment page for your WooCommerce website. Over the last few years, e-commerce and WooCommerce have grown and, with that, the requirements for running a safe and secure e-commerce website have become more and more strict. Gone are the days when you might just write a PHP script to send credit card data to a payment gateway. If your web server touches any of the credit card information (often called cardholder data), then you have a long list of requirements and controls your server and website need to meet in order for your payment gateway to issue you an account. Secure Hosted Payments was built to maximize both the security and the ease of processing payments for your WooCommerce site.
Self-Assessment Questionnaires Explained
For small to medium e-commerce sites (which includes the vast majority of all WordPress-based stores) you need to comply with what is called a Self-Assessment Questionnaire. There are two different questionnaires that apply to most stores. There is the “easy” one called the SAQ A. Then there is the “hard” one called the SAQ A-EP. More specifically, the SAQ A has about 13 questions where you essentially state that a third party handles the details of processing payments for your site. The SAQ A-EP is 139 questions, many of which most people can’t even understand, much less actually comply with. For example, here are the first two questions on the form:
- Is a firewall required and implemented at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone?
- Is the current network diagram consistent with the firewall configuration standards?
The list goes on for over 130 more questions.
How To Avoid The Hard Questions
The SAQ A is clearly the questionnaire you want to be able to use so that you can answer your 13 questions and move on with your business. In order to use the SAQ A and avoid the painful questions of the SAQ A-EP, you have to meet a few conditions. For e-commerce stores, the big condition is this:
All elements of the payment page(s) delivered to the consumer’s browser originate only and directly from a PCI DSS validated third-party service provider(s).
The two methods of meeting this requirement are currently:
- Use an iFrame to pull in the payment form hosted by a PCI compliant server where your customers enter their credit card data.
- Use a secure payment page hosted on a PCI compliant server.
Why Not Just Use An iFrame Then?
There are two items which may give you pause when considering the option of securing your customers’ payments with an iFrame. First, you have to buy and install your own SSL certificate. This adds cost and complexity to your hosting account. You’ll probably need to get a dedicated IP address for your site and you have to renew your SSL certificate at least once per year. In other words, there is added cost and hassle.
to something like this
Neither you nor your customers would have any idea that they were sending credit card data to criminals because your site’s checkout page would still look the same. You’d still have the SSL lock and everything. There is no visual warning that your site was hacked and your customers’ credit card data is getting sent to the bad guys.
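Because a tampered checkout page gives no visual warning, a store that does embed the payment form in an iFrame needs an automated check instead. The following is an added example, not part of the original post or of Secure Hosted Payments: it audits the checkout HTML as served and reports any iFrame that is not on the payment provider's origin, plus any card-entry field rendered by the merchant page itself. The host names, `PAGE_URL` and the sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumptions (constructed names): the provider origin and the store's checkout URL.
ALLOWED_ORIGINS = {"https://pay.provider.example"}
PAGE_URL = "https://shop.example/checkout/"

class CheckoutScanner(HTMLParser):
    """Collects iframe sources and card-entry inputs from the checkout page."""
    def __init__(self):
        super().__init__()
        self.iframes = []      # raw src attribute values
        self.card_inputs = []  # autocomplete tokens such as "cc-number"

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            self.iframes.append(a["src"])
        elif tag == "input" and (a.get("autocomplete") or "").lower().startswith("cc-"):
            self.card_inputs.append(a["autocomplete"].lower())

def origin(url, base):
    """Scheme and host[:port] of url after resolving it against the page URL."""
    p = urlsplit(urljoin(base, url))
    return f"{p.scheme}://{p.netloc}".lower()

def audit_checkout(html, page_url=PAGE_URL, allowed=ALLOWED_ORIGINS):
    """Return a list of findings; an empty list means the page looks as expected."""
    scan = CheckoutScanner()
    scan.feed(html)
    origins = [origin(src, page_url) for src in scan.iframes]
    findings = [f"iframe from unexpected origin: {src}"
                for src, o in zip(scan.iframes, origins) if o not in allowed]
    if not any(o in allowed for o in origins):
        findings.append("no iframe from the payment provider")
    for token in scan.card_inputs:
        findings.append(f"card field in merchant page: autocomplete={token}")
    return findings

# Constructed sample pages: expected, look-alike host, and card field moved inline.
GOOD = '<form><iframe src="https://pay.provider.example/form?o=1"></iframe></form>'
SWAPPED = '<iframe src="https://pay.provider.example.cdn-pay.test/form"></iframe>'
INLINE = '<input name="n" autocomplete="cc-number"><iframe src="/pay"></iframe>'

if __name__ == "__main__":
    for name, page in [("GOOD", GOOD), ("SWAPPED", SWAPPED), ("INLINE", INLINE)]:
        print(name, audit_checkout(page))
```

This inspects only the HTML as delivered by the server; a change made by injected JavaScript at run time needs a headless-browser check or a Content-Security-Policy `frame-src` restriction to catch.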
The Safest Option
The most secure option is to have your entire payment page hosted on a secure, PCI DSS compliant server – and that is what Secure Hosted Payments for WooCommerce is. Here are the reasons why Secure Hosted Payments is the most secure option for running a secure WooCommerce site:
- You don’t need your own SSL certificate
- Your entire page is securely hosted
- No hackers can access or change anything even if your WordPress site is hacked
Seamless Customization Is The Difference
There are other hosted payment page options out there. Some payment gateways offer a hosted payment page service. Also, there is PayPal, which acts as a 3rd party payment processor. What makes Secure Hosted Payments for WooCommerce different from all other hosted payment pages is that you skin your payment page with your WordPress theme. Even though your payment page is hosted on a 3rd party PCI DSS server, it still looks exactly like the rest of your WordPress site. Other services might let you pick colors or upload a logo, but Secure Hosted Payments actually imports your WordPress theme with a single click to provide a seamless experience. Your customers won’t even think they left your site.
The Best AND The Easiest
How often can you say that the same solution is both the best AND the easiest? Normally you would say something like, “Well, you can do it this way and it’s easy, but if you really want the most secure solution you need to do this harder thing.”
With Secure Hosted Payments for WooCommerce you can take the easy route and have the best, most secure solution.
If you’re looking for a great way to keep your payments safe and secure, head over to Secure Hosted Payments for WooCommerce.