
Top 10 Tips for eCommerce PCI Compliance


If your company relies on eCommerce, online PCI compliance is a key part of keeping the business running smoothly. But the process of becoming PCI compliant can seem technical, complicated, and often overwhelming. Here are 10 tips you can act on right now to get moving in the right direction.


1. Update Your Website

An out-of-date website is a magnet for hackers and identity thieves. Update your website framework often to close security holes and protect your customers’ information.

2. Never Store Credit Card Information In House

With modern credit card processing portals, there should never be a need to store credit card information in your office or cafe. Train your employees to enter customers’ information directly into the terminal, rather than writing it down first. This will improve security and reduce the risk of transcription errors.

3. Use Secure Encryption

Spend the time and money to convert your website from HTTP to HTTPS. This additional security will help protect users’ information. It will also help your marketing budget since Google Chrome now warns users any time a website is “not secure.”

4. Use a Reputable Merchant Service Provider

There’s no reason to reinvent the wheel for online credit card security. There are reputable merchant service providers that have PCI compliance down to a science. Sign up for one of their services to make sure your customers’ credit cards are handled properly.

5. Designate Specific Employees for Credit Card Processing

The more employees you have handling customers’ credit cards, the higher the chance you will have a problem with security. Limit the people who have the authority to process credit transactions and give them each a unique log-in. That way, when there’s a problem, you’ll know who was behind it.

6. Schedule Regular PCI Compliance Reviews

Create a PCI compliance checklist of all your credit card security policies and review them every quarter to make sure nothing has fallen through the cracks.

7. Use Strong Passwords

PCI compliance and cyber-security are closely linked, especially in an eCommerce business. To protect yourself and your consumers, you should require web users to create strong passwords to access your site.

8. Lock Down Computers

Set any computer with access to your merchant service portal to automatically lock when left idle. A minor inconvenience to your employees will keep a bathroom break from becoming a security loophole.

9. Send Credit Card Customers Off-Site

The easiest way to make your eCommerce website PCI compliant is to move credit card processing elsewhere. Use a merchant service portal processed and hosted by an established company like PayPal or Authorize.Net by setting up a tokenized gateway.

10. Don’t Do It Yourself

PCI compliance and eCommerce are too important to DIY. Hire an expert web development team to create a custom website using cyber-security best practices. At Provisio Technology Solutions, we can ensure your online PCI compliance while protecting your customers’ user experience. Contact us today to schedule a meeting.