Ecommerce Spot

PCI compliance for ecommerce businesses

PCI compliance for ecommerce businesses

As an ecommerce merchant who accepts credit cards, you’ve probably heard of PCI or PCI DSS. PCI DSS stands for Payment Cards Industry Data Security Standard, a recent regulatory change that significantly affects the way credit card payments are processed. All merchants that accept credit cards need to be PCI compliant, regardless of the size of their business or the industry in which they operate.

How does PCI DSS affect your business?

  • Costly Upgrades: The state of your current system will ultimately determine how PCI DSS affects your business. If you meet the current requirements, then you may not face any significant changes at all. The most common situation involves payment solution and network upgrades that could cost you a lot of money.
  • Safe Harbor Status: One of the main benefits of becoming PCI DSS compliant is safe harbor status. This designation protects you from fines in the event of a security breach. In order to benefit from safe harbor status, all security requirements must be in place.
  • Fines:If your business is not PCI DSS compliant, it may be audited, fined or sued. In the worst-case scenario, you may lose the right to process credit cards entirely.

Ecommerce businesses can improve payment security by following the 12 requirements outlined by the PCI DSS. These requirements aim to reduce the risk merchants face when handling sensitive credit card account data. Many ecommerce businesses are unaware that during the payment process, account information is being stored in their payment system. By retaining this data, merchants immediately become liable for any damages that may result in the event of a data breach. As a result, you need to be very careful in selecting an ecommerce merchant account.

The introduction of the PCI DSS in 2010 has forced businesses to seriously evaluate the integrity of their payment systems. Along with increasing their exposure to fraud costs, businesses that wait to become PCI compliant risk losing their processing privileges entirely in the event of a serious data breach.

How can ecommerce merchants become PCI compliant?

First, you may have to change your current systems in order to meet PCI DSS standards. If you currently operate with an up-to-date solution, you may only need a slight upgrade. If your system is old, it may be worthwhile to switch to a new solution that offers a more secure payment environment. We recommend contacting a merchant account provider to help determine which option is best for your business.

Second, merchants must document their security compliance. Depending on the amount of transactions a business processes, they may require a more thorough documentation process.

  • Lower lever merchants have up to six million transactions per year. These businesses should complete a self-assessment questionnaire and quarterly security scanning to ensure PCI DSS requirements are met.
  • Level one merchants have more than six million transactions per year. In addition to the lower lever requirements, level one merchants must facilitate an annual audit by a qualified security assessor.

The subject of PCI DSS compliance can be overwhelming. Make sure you contact your merchant account provider for more information and help getting set up with a secure payment solution.

PCI DSS Resources

VersaPay Canadian merchant accounts
PCI Security Standards Council

Copyright ©2017 PoppyWeb Pty Ltd. Registered trademarks are property of their respective owners.

About us | Privacy Policy | Site Map