PCI compliance means compliance with the Payment Card Industry Data Security Standard (PCI DSS). The major credit card brands created this standard to help reduce credit card fraud by requiring secure handling of credit card information.
PCI Compliance considers:
1. In-office card data handling by computer or other means
2. Online/e-commerce card data handling
There are different levels of requirements for PCI compliance depending on the volume of annual transactions processed by the merchant in question.
Level 4, the level where the business has the fewest annual transactions, requires a self-assessment and quarterly verification. If a website is processing credit card data within the website itself, the business would need to use a dedicated server or a virtual private server.
Why is PCI Compliance important?
Visa and Mastercard require any website that is handling credit card data to be PCI Compliant.
Beyond that, your reputation is at stake. It’s important to show your customers that you take your role in protecting their information seriously. Don’t let your clients’ credit card information be breached because of any failing on your part. Making your website PCI compliant is a non-negotiable step if you intend to handle your clients’ credit card information directly on your website.
If you manage an online store, PCI compliance is something you must consider.
PCI Compliance sounds like a lot of trouble. Is there an easier way?
There are several payment processors you can use, such as PayPal, Stripe, or Authorize.net, which can process your payments off-site. Many of these options shift the burden of PCI compliance to the credit card processor. Some offer ways to integrate their payment system with your website design in order to maintain a coherent user experience. Red Earth Design, Inc. can advise you on payment processing services to meet your needs.
How do I verify my site’s PCI compliance?
Trustwave is one of the most popular PCI scanning services. It will generate a report telling you which elements of your credit-card handling processes pass the test, and which parts have problems that need to be fixed in order for you to pass the appropriate level of PCI compliance.
You can read more about PCI Compliance here, and you can get in touch with us to discuss how you want to handle credit card data on your website.