Is WooCommerce Payments PCI Compliant?

Overview

Yes, WooCommerce Payments itself is PCI compliant, but merchants still need to be aware of the core PCI-DSS requirements. For more general information, please see our PCI-DSS Compliance and WooCommerce documentation.

What makes WooCommerce Payments PCI Compliant?

WooCommerce Payments uses a hosted payment field for handling all payment card data, so the cardholder enters all sensitive payment information in a payment field that originates directly from our partner’s PCI DSS validated servers. This means the information is not directly stored on your site.

What is stored with WooCommerce?

WooCommerce stores the data entered in the other checkout fields, such as name, address, country, and so on. This data is separate from the billing field data such as the long card number and CVC.

What about saved cards / Subscriptions?

When a customer purchases on your site and stores their payment method for future use, or when you use our own WooCommerce Subscriptions, your site needs to “know” those details so they can be used again. WooCommerce Payments uses a token- and API-based approach. In short, this means your site will communicate with our payments system using the connection and will then request the details using a payment token. Customer payment method details, such as card number and CVC, are not stored on your site.
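One way to spot-check on your own store that no card numbers have ended up in stored order data (for example, pasted into a note), as an added example that is not part of WooCommerce's documentation or code. The row layout, the `*_example` key names and all sample values are constructed assumptions; feed it rows from your own database export.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_valid(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_pan_like(value):
    """Return masked card-number-like strings found in one stored value."""
    hits = []
    for m in PAN_CANDIDATE.finditer(value):
        digits = re.sub(r"[ -]", "", m.group())
        # Luhn filters out most order numbers and references; skip 0000... runs.
        if luhn_valid(digits) and len(set(digits)) > 1:
            # Report only first 6 / last 4 so the finding itself holds no full PAN.
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def scan_rows(rows):
    """rows: iterable of (order_id, meta_key, meta_value) tuples."""
    return [(order_id, key, masked)
            for order_id, key, value in rows
            for masked in find_pan_like(str(value))]

# Constructed sample rows; a token reference is expected, a card number is not.
SAMPLE_ROWS = [
    (101, "_billing_first_name", "Ada"),
    (101, "_billing_address_1", "12 Example Street"),
    (101, "_payment_token_example", "tok_constructed_8f3a"),
    (102, "_billing_phone", "+1 555 0100"),
    (102, "order_note_example", "Customer emailed card 4242 4242 4242 4242 to support"),
    (103, "_transaction_ref_example", "1234567890123456"),  # fails Luhn
]

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(finding)
```

Any finding points to card data that entered the site outside the hosted payment field and should be investigated and purged.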

Further reading

Along with our own general documentation, the team at, the payment process that WooCommerce Payments is powered by, has written their own in-depth article, A guide to PCI compliance.
