*More info at http://www.pcicomplianceguide.org/pcifaqs.php*
What is PCI?
The Payment Card Industry (PCI) Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially, this applies to any merchant that has a Merchant ID (MID).
The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).
It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.
Info about PCI compliance on Magento can be found here:
Magento Secure Payment Bridge is compatible with Magento Enterprise 1.8, 1.9, 1.10, 1.11 and 1.12
Regarding Magento CE (from http://servertune.com/kbase/entry/243/):
Is Magento Community Edition (CE) PCI compliant?
The answer is yes, if you do the following:
- Do NOT configure Magento to capture and save Credit Card information locally (in your database).
- Use one of the Merchant Services, including PayPal or Google Checkout, to process payments for you.
- Make sure your dedicated server and/or VPS is PCI compliant. If not, you can either contact us, and we will be more than happy to make your dedicated server or VPS PCI compliant, or go to: Magento Secure Payment Bridge