by mattkevan 2939 days ago
Sure. PCI compliance is a set of rules as to how credit card data is handled on your site.

Depending on how your payment process works and how many transactions you make in a year there's a sliding scale of progressively more stringent guidelines. Using a gateway like Stripe which has a hosted payment form reduces the PCI risk but doesn't remove it entirely. And the PCI guidelines make GDPR look like a model of clarity and straightforwardness.

Last time I looked into it, there was a debate as to whether Stripe fell into PCI DSS Self Assessment Questionnaire (SAQ) A or SAQ A-EP. A is pretty simple to meet, but A-EP is not. Even Stripe seemed to hedge on this. If anyone more knowledgeable than me can weigh in, I'd appreciate it!

As for tax, depending on what you're selling you have to add the correct tax for your customer's country. For example, as I understand it, the EU VAT MOSS rules mean that when selling digital downloads you have to apply the correct sales tax for every country people are buying from. You not only have to build a system for changing the tax depending on the address, but also understand the tax situation of every country you want to do business in. (Again, if I'm wrong or making it too complicated, I'd like to know.)

Thankfully there are platforms like Etsy or Gumroad for selling digital downloads that do all that stuff for you. The fees may be high compared to a DIY solution, but it's worth it for a small merchant.


And there's me thinking selling online would be easy. I was planning to set something up with Stripe and Printful (drop shipping) to sell some custom t-shirt designs I made as a learning experience.