We’re a small, online-only shop using a “small company” that processes our customers’ credit cards with first-party data. Our store runs on Shopify. About two months ago, I received an email from our credit card processor stating that their in-house PCI compliance would be “migrated to the Clover Security PCI Program.” When I visited the Clover website, it mentioned that all you had to do was answer a few short questions to become compliant, which I did. However, now it’s asking me to run a “PCI DSS External Vulnerability Scan” and answer 276 more questions. Is this legit? The website is terrible; it’s not mobile-friendly, some options aren’t available when prompted to choose from a list, and half the buttons don’t work.
TLDR: Is Clover PCI compliance legit and necessary?
Yes, Clover PCI compliance is legitimate and necessary. PCI compliance refers to the Payment Card Industry Data Security Standard (PCI DSS), which is a set of security standards designed to protect cardholder data. These standards are created and enforced by the PCI Security Standards Council (PCI SSC) and are essential for any business that processes, stores, or transmits credit card information.
Yes, Clover PCI compliance is legitimate. Clover point-of-sale devices are PTS certified, which means they meet the standards set by the Payment Card Industry (PCI) for security. The critical component of this certification is point-to-point encryption (P2PE), which helps protect payment data during transactions, reducing the PCI compliance burden for merchants.
It is legitimate, yes. I’ll also add something that the others did not address: cyber insurance. You risk being dropped or having your fee increased if you are unable to demonstrate PCI compliance.