Online merchants continue to struggle with the requirements set by the PCI, or Payment Card Industry.
First off, what is PCI compliance? Well, the PCI DSS (or Payment Card Industry Data Security Standards) are the result of collaboration between the 5 major credit card companies (Visa, Mastercard, American Express, Discover and JCB) to develop a single set of standards and a common approach to safeguarding sensitive data and preventing credit card fraud, hacking and various other security issues. So, the DSS, or Data Security Standards, are a series of "best practices" for handling, transmitting and storing sensitive cardholder data.
What does this mean for you, the online merchant?
Well, currently, any merchant who processes, stores or transmits credit card data MUST be compliant with the standards, or they risk hefty fines, additional fees charged by their merchant bank, or even losing the ability to process credit cards altogether, putting the entire business at risk.
As an online merchant, it is your responsibility to identify an ecommerce provider who is PCI DSS compliant. That means the service provider can offer its merchants a safe and reliable solution for their ecommerce needs, including secure and compliant hosting and payment processing. Companies that are Level 1 compliant adhere to the strictest level of the PCI standards. You can identify service providers who have met this level of compliance by reviewing Visa's or MasterCard's "List of Compliant Service Providers", available on their websites. But wait, there's more to your role as a merchant than simply partnering with a compliant ecommerce provider.
As an online merchant, even if you host and process your credit card transactions through a compliant service provider, you also need to demonstrate and prove your own compliance with the standards, because of the activities you perform in your place of business. Again, if you cannot prove your compliance, you can face fines, additional fees imposed by your merchant bank, or even the loss of your ability to take credit cards. Now, being with a compliant provider is your first step, and it makes your compliance process pretty simple. Because you process cards through a Level 1 provider, you are able to complete a simplified self-assessment questionnaire (or SAQ) that focuses on your own activities and attests that you perform the appropriate actions when handling card data. Once you've completed that questionnaire, you'll also need to have your website scanned for vulnerabilities by an approved scanning provider. Upon a successful website scan and the completion of the questionnaire, you can obtain a "certificate of compliance" to provide to your merchant bank as proof that you're adhering to the PCI standards.
So, how do you get started with YOUR compliance as a merchant? Well, I urge you to find a Level 1 compliant ecommerce provider to partner with for your needs, and I also warn you to protect your business by becoming compliant yourself! You can learn more about the PCI DSS by visiting the PCI Standards Council. They are the governing body that sets and monitors these standards.
I hope that this information was helpful and I hope that you take the necessary steps to protect both your business and your customers from data security breaches and credit card fraud.