Taming the Beast - Internet marketing resources, ecommerce web site design tutorials

PCI compliance - what you need to know 

With the spate of credit card data thefts from large companies and organizations continuously hitting the headlines, card issuing companies are beginning to demand more from ecommerce merchants, large and small, to ensure that their sites are secure.

PCI (Payment Card Industry) compliance has been optional for many small merchants up to now, but that may be all about to change very soon.

Up until recently, PCI compliance was only mandatory for Level 3, 2 and 1 merchants, i.e. those processing more than 20,000 transactions a year or those identified as having poor security processes.

As of October 2006, PCI compliance became mandatory for all merchants accepting American Express, including Level 4 merchants (those with 1 - 20,000 transactions per year). However, most merchants are still unaware of this and will remain unaware until something goes wrong.

From October 1, 2009, Visa will also be telling many small merchants that they can no longer accept Visa credit card payments unless they have taken steps towards achieving PCI compliance.

You can probably expect to see the other card companies following suit very soon, so it's time to get prepared.

Non-compliance risks

Online store owners who are obligated to implement a PCI compliance program but fail to become compliant may find themselves unable to process transactions, or may face fines from the card company if their security is breached.

In a nutshell, this means that if your online store processes payments via credit card, you'll need to become PCI compliant - and it's not something you'll be able to do entirely on your own, as PCI compliance requires scanning and verification by a third party.

It all sounds a little scary if you haven't been through it before. While it is an inconvenience and can be costly depending on the vendor you select, the process isn't as difficult as you might expect, but much of the complexity will depend on the third party scanning vendor you engage. You should shop around for deals on PCI compliance, because you'll find huge variations in price and support.

What is PCI compliance?

PCI compliance is a set of security criteria that must be implemented in order to protect sensitive information during any credit card transaction. The compliance criteria include specific auditing procedures, some of which are automated, with the others requiring merchant input. The Payment Card Industry Data Security Standard (PCI DSS) is referenced by all credit card issuers.

PCI compliance for most merchants, that is, those processing up to 6 million transactions a year, consists of the following elements:

- Quarterly scan by an authorized scanning vendor 
- Yearly self assessment questionnaire 

Quarterly PCI compliance scan

The scanning vendor you engage will run a battery of automated tests against your web site and then provide a report. The scans are very thorough and test for hundreds of different issues.

The report will contain a great deal of detail, highlighting potential problem areas ranked by severity. Depending on the issue uncovered, it may be just an advisory on how you can improve your security, but there will also be flagged items that prevent your site from being PCI compliant.

A good vendor will then work with you, and with your web host if necessary, to help you address those issues.

PCI compliance self assessment

In addition to the scan, you'll also need to complete a PCI compliance self assessment form, a sample of which can be viewed here (PDF). It's broken down into the following requirement sections:

  1. Build and Maintain a Secure Network
  2. Protect and Maintain Client Data
  3. Maintain a Vulnerability Management Program
  4. Implement Strong Access Control Measures
  5. Regularly Monitor and Test Networks

Many merchants may find the form utterly confusing given some of the terminology, but again, a good PCI compliance vendor will assist you with completing it, and the form will likely be an online version of the sample.

The benefits of PCI compliance

While all this may seem to be a terrible inconvenience, there are certainly some positive spinoffs from becoming PCI compliant, including:

  • Scanning vendors will provide you with a seal for display on your site, which will help assure your customers that you are able to secure their details, meaning less shopping cart abandonment. In fact, many merchants report substantial increases in sales when displaying recognized seals.

  • You'll sleep better knowing that your platform is secure.

  • You will be contributing to cracking down on the filth of the online world who seek to create havoc through the theft of credit card details.

  • You will be contributing to improving the general perception of consumers regarding ecommerce - and that benefits everyone.

PCI compliance scanning vendors

Like any certification service, you have a wide range of choices - and a wide range of pricing. The important thing to remember is that as long as the vendor is authorized to provide scans and compliance reports, that's enough to satisfy the card companies. If the scanning vendor doesn't do their job properly, they are the ones who carry the liability, so it's certainly in their best interests to get it right.

Having said that, you don't want to engage the services of a vendor with poor communication. Time is money, and the less time you need to spend on this exercise, the better. It's also important to choose a scanning vendor who will go beyond just handing you a report and then leaving you to figure it out on your own.

I recommend checking out Trust Guard - they are one of the leading companies in the space and have some of the best pricing around. Trust Guard also provides a broad range of other services, such as web site security seals and certification programs, of which PCI compliance scans are a component.

Michael Bloch
Taming the Beast

In the interests of transparency and disclosure, please note that the owner of Taming the Beast.net often receives goods and services mentioned in reviews for free, or may receive payments or affiliate commissions for advertising or referring others to merchants of products and services reviewed.

Copyright information.... This article is not available for reproduction without explicit written permission from Michael Bloch and Taming the Beast.net

copyright (c) 1999-2011  Taming the Beast  Adelaide - South Australia 