Another PCI Compliant Question

I have sent the following email to the cs-cart help desk, but would like other opinions on this matter.

*******************

Since we started with cs-cart ver 1.x we use A2 Hosting as your site stated that it was on your list of suggested hosting providers. As I have been learning about PCI compliance, I found this information on a2 hosting site:

Do you support PCI compliance?

The short answer is that A2 Hosting does not support PCI compliance. However, you can use a third-party shopping cart API (application programming interface) on your site to ensure PCI compliance.

Whereas some other hosting providers state that their servers are PCI compliant.



So should I be changing hosting providers?

*********************



Is there any suggested PCI compliance scan service?

We used to do offline processing but had some problems, so a quick fix was to use PayPal. We have multiple problems with PayPal, from the account people on my back about the high transaction cost (for us it averages almost 4%). The biggest problem is that we are losing 10% of our sales because our customers are mainly little old ladies, and throw another hoop for them to jump through (PayPal), they drop the order.

We can use Sage payment solutions with a great rate and the site will run just like it did in the past.

We just want to make sure we are protecting the customer and ourselves with the PCI compliance.



Thanks for any input on this matter.

David Dewitt

You could use Stripe as your payment processor. Because of the way they process payments, you are out of scope for PCI as the PCI compliance burden is on them, not you. I've been using them for over a year and very happy.



Go to Stripe.com to read more and sign up.

I'm guessing that Stripe is another service like PayPal. Looks like the pricing is the same: 2.9% + .30

Currently I'm concerned about the hosting provider saying: The short answer is that A2 Hosting does not support PCI compliance

Well the difference is that there is no gateway fee of $30 with Stripe. Also, because of the capture method they use, you as the merchant are out of scope for PCI…that burden is carried by them.



I don't know that any web host carries the PCI burden.

I think your host misunderstood what you were asking. I believe they think you asked “are the cart services you provide PCI compliant?”. What I think you want to ask them is “is my account PCI compliant?” The server complies with PCI and the application complies with DSI.