After July 2021, the 2.3.x release line will no longer receive quality updates, or user guide updates. PHP 7.3 reaches end of support in December 2021 and Adobe Commerce 2.3.x reaches end of support in September 2022. We strongly recommend planning your upgrade now to Adobe Commerce 2.4.x to help maintain PCI compliance.
PCI Compliance Guidelines
The information on this page is intended for Adobe Commerce 2.3 customers who are on an extended support contract. The Adobe Commerce Merchant Documentation for current releases is published on the Adobe Experience League.
The Payment Card Industry (PCI) has established a set of requirements for businesses that accept payment by credit card over the Internet. In addition to maintaining a secure server environment, merchants who handle customer credit card information must meet the following guidelines.
PCI requirements
![]() |
Install and maintain a firewall configuration to protect cardholder data. |
![]() |
Do not use vendor-supplied defaults for system passwords and other security parameters. |
![]() |
Protect stored cardholder data. |
![]() |
Encrypt transmission of cardholder data across open, public networks. |
![]() |
Use and regularly update antivirus software. |
![]() |
Develop and maintain secure systems and applications. |
![]() |
Restrict access to cardholder data by business need to know. |
![]() |
Assign a unique ID to each person with computer access. |
![]() |
Restrict physical access to cardholder data. |
![]() |
Track and monitor all access to network resources and cardholder data. |
![]() |
Regularly test security systems and processes. |
![]() |
Maintain a policy that addresses information security. |
To learn more, see Magento Approach to PCI Compliance.
As your business grows, you may be required to file a compliance report on an annual basis. PCI reporting requirements increase in proportion to merchant level, but are waived for businesses that process fewer than 20,000 credit card transactions per year. To learn more, visit the PCI Security Standards Council website.