
Is Your Online Store PCI Compliant?


Are you considering accepting online orders and payments on your company's website? As e-commerce becomes an increasingly common way to sell products and services, many small businesses are interested in creating an online store. However, taking your customers' credit card information online carries inherent risk for your company. If credit card fraud occurs and it is determined that your website is not PCI compliant, the cost could put your company out of business. It's important to know that your website is PCI compliant so that you can protect your customers and conduct business with confidence.

What Is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is the international standard for securely accepting and using customers’ sensitive credit card and billing information. Its protocols are designed to protect your users against identity theft and other forms of cybercrime. The PCI DSS applies to any organization, no matter how big or small, that accepts, transmits, or stores cardholder information. It applies to all forms of payment cards including Visa, MasterCard, American Express, Discover and JCB, as well as debit, credit, or prepaid cards.

What Do You Need to Do To Become PCI Compliant?

Your business falls into one of four merchant validation levels based on Visa transaction volume over a 12-month period. Here’s the breakdown:

  1. Merchants with over 6,000,000 total transactions.

  2. Merchants with 1,000,000 to 6,000,000 total transactions.

  3. Merchants with 20,000 to 1,000,000 e-commerce transactions.

  4. Merchants with fewer than 20,000 e-commerce transactions or up to 1,000,000 total transactions.

Small business owners (Level 4 merchants) must complete a self-assessment questionnaire (SAQ) to validate compliance, and complete an SAQ Attestation. Most are also monitored through periodic Approved Scanning Vendor (ASV) vulnerability scans. If your company has had a cyber-security breach that resulted in compromised customer account data, you could be escalated to a higher level and required to do more to validate your security.

Receiving Credit Card Information Online

If you are going to receive credit card payments online, you need to make sure your cyber-security is up to the task. There are 12 requirements for secure online payments:

  1. Firewall configurations that protect cardholder data

  2. Strong passwords and security parameters

  3. Physical and virtual security of stored data

  4. Encrypted transmission of cardholder data over open, public networks

  5. Updated anti-virus software

  6. Secure and up-to-date systems and applications

  7. Restricted employee access to cardholder data

  8. Unique, trackable user IDs for each person with access

  9. Restricted physical access to off-site cardholder data

  10. Monitored access to network resources and cardholder data

  11. Regularly tested security systems and processes

  12. Strong information security policies

If you are considering e-commerce for your business, Provisio can help you understand and evaluate the requirements and what you need to do to comply with PCI DSS standards. Our staff can also assist you in completing the offline portion of the PCI compliance protocol.

Don’t take a risk with your customers’ money. Treat PCI compliance seriously and take the time to ensure that your site is protected. Contact Provisio Technology Solutions to schedule a meeting and take the first step to doing business better online.