  Taming the Beast - quality web marketing and ecommerce development services

PCI compliance crackdown

Posted by Michael Bloch in ecommerce (Saturday September 29, 2007 )

Are you an ecommerce-enabled merchant? PCI compliant yet? If you aren’t, it’s time to get ready: one of the major card companies is about to start issuing fines to larger merchants who aren’t PCI compliant … and smaller merchants will no doubt be next in the firing line.

In case you weren’t aware, PCI (Payment Card Industry) compliance means meeting a set of security standards designed to protect cardholder information during and after any transaction. It covers these key areas:

– Build and maintain a secure network
– Protect stored cardholder data
– Maintain a vulnerability management program
– Implement strong access control measures
– Regularly monitor and test networks
– Maintain an information security policy

It used to be that only larger merchants needed to be PCI compliant, but it is now a requirement for all merchants – it just hasn’t been enforced yet.

If you haven’t heard of PCI compliance, your eyes are likely rolling back in your head at the moment; but it’s really not all that complex. You can learn more about the topic in my article: PCI compliance – what you need to know.

According to this news item on Internet Retailer, Level 1 merchants must be certified as complying with the Payment Card Industry (PCI) Data Security Standard by Sept. 30 or face fines from Visa. Visa states it will impose fines of between $5,000 and $25,000 *per month* for failure to meet the PCI deadlines. Level 1 retailers process more than 6 million Visa card transactions a year. The other levels are:

Level 2 – 1 to 6 million transactions a year
Level 3 – e-commerce-only retailers processing at least 20,000 Visa transactions a year
Level 4 – under 20,000 Visa transactions per year.

The deadline for Level 2 merchants is December 31. Visa has not announced deadlines for Level 3 and 4 merchants … yet.

While PCI compliance can be somewhat of a pain in the butt, it’s a useful exercise that can help reassure you and your clients of your system’s security. Compliance isn’t just about processes at your end, but also about your web host’s security. I had someone contact me the other day who had asked their web host, one of the biggest in the world, about its PCI compliance status, and the support person didn’t have a clue what the term meant – rather unsettling given its importance.

As part of the compliance process, you’ll need to have your site scanned by an accredited PCI scanning vendor. Once you’ve passed, you’ll usually receive special seals you can post on your site showing that you’re compliant. These security seals have been shown to help boost sales, as a reassured visitor is more likely to buy – and to spend more.

If you’re looking for PCI compliance consulting and scanning services, consider ControlScan – an accredited scanning vendor. You can trial their services free, and Taming the Beast referred customers get special pricing!


Security certificates and seals
PCI compliance – what you need to know

