
Is WooCommerce Payments PCI Compliant?

Overview

Yes, WooCommerce Payments itself is PCI compliant, but merchants still need to be aware of the core PCI-DSS requirements. For more general information, please see our PCI-DSS Compliance and WooCommerce documentation.

What makes WooCommerce Payments PCI Compliant?

WooCommerce Payments uses a hosted payment field for handling all payment card data, so the cardholder enters all sensitive payment information in a payment field that originates directly from our partner’s PCI DSS validated servers. This means the information is not directly stored on your site.

What is stored with WooCommerce?

WooCommerce stores the data entered in the other checkout fields, such as name, address, country, and so on. This data is separate from the billing field data such as the long card number and CVC.

What about saved cards / Subscriptions?

When a customer purchases on your site and stores their payment method for future use, or when you use our own WooCommerce Subscriptions, your site needs to “know” those details so they can be used again. WooCommerce Payments uses a token- and API-based approach. In short, this means your site will communicate with our payments system using the WordPress.com connection and then will request the details using a payment token. Customer payment method details, such as card number and CVC, are not stored on your site.

Further reading

WooCommerce Payments is built in partnership with Stripe. Along with our own general documentation, the Stripe team has written their own in-depth article, A guide to PCI compliance.
