PCI Compliance – Why Comply?
What the heck is PCI compliance?
If you have an e-commerce Web site or take credit cards online, you need to know about PCI compliance. “PCI compliance” is the shortened version of the mouthful “Payment Card Industry Data Security Standard” (PCI DSS). PCI DSS is a set of network security and business practice guidelines adopted by the major credit card companies to ensure that all companies that process, send, or store credit card information online have a secure environment for doing so. Although the credit card companies created the standard, it is up to the banks to require PCI compliance. That is why you may not yet be required to be compliant, but eventually you could be.
What happens if I don’t comply?
The credit card companies have the discretion to fine the acquiring banks for PCI compliance violations. This cost could eventually be passed down to you in fines, higher rates, or even expulsion.
Ouch, so how do I make my online store PCI compliant?
The point of PCI compliance is to protect cardholder data, so one requirement is to submit to quarterly network security scans that check for vulnerabilities in your Web site and hosting. There are PCI security scanning services out there such as McAfee SECURE, Trustwave, and Trust Guard. When your site passes these scans, most of these services give you a security seal to place on your site. And as a benefit you will probably see your conversion rate increase, as users are more likely to purchase from a site that they trust.
Since you will be receiving quarterly scans, it is important that you have a secure hosting environment. With the advent of PCI compliance, hosting companies such as A2 are now offering special hosting plans that ensure your site will pass these scans. These hosting packages are more costly but save you the headache of having to worry about passing the scans. It is also important to choose a good vendor for your e-commerce platform, since the security scans also check for vulnerabilities in your shopping cart software, payment forms, etc.
So what should I do now?
Contact your bank or merchant provider and find out if they require, or plan to require, PCI compliance. Depending on the number of transactions you process, the PCI compliance specifications may have other requirements that go beyond the scope of this article, so make sure to find out what other measures you must take to be compliant. It is better to be proactive, as the alternative could be costly fees and fines, or worse, the loss of your ability to accept credit cards.