  Taming the Beast - quality web marketing and ecommerce development services

PCI compliance - mandatory for all?

Posted by Michael Bloch in ecommerce (Saturday October 7, 2006)

For many smaller ecommerce merchants, PCI compliance has been an optional exercise, but that appears set to change in the very near future. If you store client card details as part of your online business, even if you only process one transaction a year, you may soon find yourself needing to become PCI compliant.

I was talking to a colleague in the PCI compliance industry a couple of days ago and it seems that American Express began sending out letters to *all* Amex-accepting merchants on Wednesday stating that they must achieve compliancy, which includes having your site scanned/certified by an authorized 3rd party. Where American Express has gone, other card companies will follow, no doubt.

Up to this point, PCI compliance was only mandatory for Level 3, 2 and 1 merchants – those processing over 20,000 transactions per year in most circumstances. Level 4 merchants, which will include many thousands of small online businesses, will now need to also toe the PCI (Payment Card Industry) compliance line.

I’m still trying to determine the date that this will need to be done by, as I haven’t physically sighted the American Express letter as yet. I’m also not clear on what will happen to Level 4 merchants who don’t become compliant, but in relation to Level 3, 2 and 1 merchants, who have been required to gain certification for quite some time now, it’s usually meant the risk of fines from the card company if security is breached, or the loss of payment processing support.

So what is this PCI compliance, what does it cost, how do you achieve it and what’s the role of these third party compliancy scanning and certification vendors? Learn more in my new article: PCI compliance – what you need to know.

