The Payment card industry (PCI) compliance is important for any site that allows online payments as it ensures the security of your customer's credit card transactions. Thus, it’s good to know that MemberPress by default is PCI compliant and that all purchases done through MemberPress' built-in payment options are safe.
This document will provide you with an overview of how your purchases are being processed on your site.
How Are Credit Card Details Handled With MemberPreess?
The important thing to mention here is that MemberPress doesn't do the charges directly. All your payments are processed by third-party payment services, like Stripe, PayPal, and Authorize.net.
Whenever your users fill in their data in the registration form, MemberPress will load the payment form directly from the selected payment gateway using the secured encrypted connection. This is the connection you set with your payment gateway through MemberPress settings (Dashboard > MemberPress > Settings > Payments).
The connection and the payment form allow payment gateways to collect the credit card information on your site directly from the user. This data is then securely stored in your payment gateway account.
Accordingly, this data is not stored or handled by MemberPress at any point.
How Are Credit Card Details Used?
Once a user submits the registration form on your site, MemberPress will transfer the user and subscription-related data from your site to your payment gateway account.
Your payment gateway will then use this data from the MemberPress form and combine it with the credit card data it collected for this user, to create a user’s subscription in your account and to charge the user. The subscription will be created based on the current membership terms you set for the membership user subscribed to.
Once the user is charged, the payment gateway will only send the transaction and subscription (for recurring subscriptions) details to the MemberPress plugin on your site, but no credit card details are returned.
Updating And Removing User’s Credit Card Details
The user’s credit card details will be saved on your payment gateway account only for recurring subscriptions. For one-time subscriptions, the data will be removed automatically after the payment is processed.
With recurring subscriptions, the payment gateway will continue charging the user for renewals using the credit card details it collected on the user’s registration. All renewals are done automatically and without additional communication with MemberPress plugin on your site.
In cases where a user needs to update their credit card details, they can do this through the MemberPress Account form on your site. Your payment gateway will save credit card details separately for every user's subscription. For this reason, the user will have the “Update” option next to each subscription in their account. Clicking this button will again call the payment form from your payment gateway and collect the new credit card details in the same way as it did when the user was subscribing.
The future renewal charges can be only prevented by canceling the subscription in MemberPress, in which case the subscription will be canceled on your payment gateway also. Once the subscription expires, payment gateways will automatically remove the user’s credit card details from your account.
How Is MemberPress PCI Compliant
As we previously explained, MemberPress doesn't store or directly process any credit card information at any moment. As a result, MemberPress is actually exempt from PCI compliance. Or another way to look at is that MemberPress is by default, compliant.
Further, MemberPress comes with integrations with Stripe and PayPal which are PCI-compliant. Authorize.net is also PCI compliant as well, but the integration is the least secure of the three. We are working with Authorize.net to build a better integration.
As previously mentioned, connecting your account on any of these payment services with your MemberPress is done through a secure connection. The credit card details are collected, stored, and handled by these PCI-compliant payment service providers.
Accordingly, providing payments only through PCI-compliant payment service providers without storing the credit card details of your users makes MemberPress PCI-compliant by default.
For more details on PCI compliance of the three mentioned payment service providers, please check their documentation:
Can MemberPress Provide PCI Compliance Documentation?
No, MemberPress cannot provide PCI Compliance documentation. If you require PCI compliance documentation you will need to reach out to your payment service provider.
Help?
Is this not working how you think it should even after following the instructions in the video? Feel free to send us a Support Ticket!
