Online merchants continue to struggle with the requirements set forth by the PCI or Payment Card Industry.

First off, what is PCI compliance? Well, the PCI DSS (or Payment Card Industry - Data Security Standards) are the result of collaboration between the 5 major credit card companies (Visa, Mastercard, American Express, Discover and JCB) to develop a set of standards and a single approach to safeguarding sensitive data, preventing credit card fraud, hacking and various other security issues. So, the DSS or Data Security Standards are a series of "best practices" for handling, transmitting and storing sensitive data.

What does this mean for you, the online merchant? Well, currently, any merchant who processes, stores or disseminates credit card data MUST be compliant with the standards or they risk hefty fines, additional fees charged by their merchant bank or even losing the ability to process credit cards altogether... putting your entire business at risk.

As an online merchant, it is your responsibility to identify an ecommerce provider who is PCI DSS compliant. That means that the service provider can offer its merchants a safe and reliable solution for their ecommerce needs, including secure and compliant hosting and payment processing. Companies who are Level 1 compliant adhere to the strictest level of the PCI standards. You can identify service providers who have met this level of compliance by reviewing Visa or MasterCard's "List of Compliant Service Providers" available on their websites. But wait, there's more to your role as a merchant than simply partnering with a compliant ecommerce provider.

As an online merchant, even if you host and process your credit card transactions through a compliant service provider, YOU also need to demonstrate and prove your compliance with the standards because of the activities that you perform in your place of business. Again, if you can't prove your compliance, you can face fines, additional fees imposed by your merchant bank or even the loss of your ability to take credit cards. Now, being with a compliant provider is your first step and makes your compliance process pretty simple. Because you process cards through a level 1 provider, you are able to complete a simplified self-assessment questionnaire (or SAQ) that focuses on your activities and that testifies to the fact that you perform the appropriate actions when handling card data. Once you've completed that questionnaire, you'll also need to have your website scanned for vulnerabilities by an approved scanning provider. Upon a successful website scan and the completion of the questionnaire, you can obtain a "certificate of compliance" to provide to your merchant bank to prove that you're adhering to the PCI standards.

So, how do you get started with YOUR compliance as a merchant? Well, I urge you to find a level 1 compliant ecommerce provider to partner with for your needs and I also warn you to protect your business by becoming compliant yourself! You can learn more about the PCI DSS by visiting the PCI Standards Council. They are the governing body who sets and monitors these standards.

I hope that this information was helpful and I hope that you take the necessary steps to protect both your business and your customers from data security breaches and credit card fraud.