PCI compliance

Clients often ask about Payment Card Industry Data Security Standard (PCI DSS) compliance. Finalsite has partnered with HostedPCI (HPCI) and Bluesnap to provide PCI-compliant payment solutions through our software. This means Finalsite does not process or store banking or credit card information within our hosting environment; payments are processed by PCI-compliant gateway providers.

You should not need to prove the PCI compliance of your website as your website/Finalsite is not the merchant handling/storing card data. PCI attestation only applies to those merchants or service providers who handle or store cardholder data.

HostedPCI is your merchant service provider and is the only link in the chain that actually has access to the cardholder's data. Their attestation of compliance can be found here:


Clients will need to go to their SAQ questionnaire to change the response so that HPCI is indicated as the third-party processor, and bypass the requirement to scan their website.

You should only need to fill out the SAQ Type A questionnaire if you're processing credit card payments through the HPCI system.

Was this article helpful?
4 out of 6 found this helpful



Please Sign in to leave a comment if you don't see the comment box below.