PCI Compliance for eCommerce Sites

If you own a business and accept credit cards as a form of payment, you had better have an understanding of what PCI compliance is and take measures to ensure you meet or exceed industry standards. Being PCI compliant is essential not only to protect your customers, but also to protect your business. Here is a closer look at what you need to know about PCI compliance:

What Exactly Is PCI Compliance?

PCI compliance is a list of standards set forth by the credit card industry that merchants need to follow. Even though compliance is not technically mandatory, if you are not in compliance your right to accept credit cards as a form of payment from your customers can be revoked.

PCI compliance is a method for making sure that all companies that process credit cards use the same security practices when processing, storing and transmitting credit card data online, in order to protect consumers, the credit card companies, and your business.

What Steps Do You Need To Take To Ensure PCI Compliance?

Depending on the sales volume of your eCommerce website and the number of transactions you complete on a yearly basis, your company will fall into one of four compliance categories. If you are unsure of what category you fall in, you should check with your merchant account provider to find out. While each level has its own specific standards you must meet, general compliance requirements for all companies regardless of transaction volume include the following:

  • Your business must design and maintain a secure network or networks so that data transmitted during a credit card transaction is not compromised, and you must additionally make sure that any data you collect from such transactions is stored securely. You will need to use a variety of tools such as encryption, non-public networks, and firewalls.
  • You must have in place a means for monitoring and testing your processing and data storage systems on a regular basis to ensure that they always remain secure. Checks should include updating your software when needed and replacing hardware as the testing requires.
  • You will need to make sure that stored data is not accessible to your entire employee base, as you never know when a disgruntled employee might cause a security breach.
  • Any employees who do have access to data and who help maintain data security need to be properly trained to minimize errors and help prevent accidental security breaches.

What Are The Consequences Of Not Being Compliant?

Not being PCI compliant can have dire consequences. In the worst case, you may lose your merchant account privileges and not be able to accept credit cards as a form of payment. This could be detrimental to your business and even put you out of business completely! Other issues you may have to deal with if you are not compliant include security breaches, fines, lawsuits against your company, and insurance claims.

19 thoughts on “PCI Compliance for eCommerce Sites”

  1. Pingback: BizSugar.com

  2. I don’t have deep knowledge in economics, but I can say that this information should be taken into account by every business owner because the majority of them pay everything with the help of a credit card.

  3. Hey David, nice post,

    This is why I prefer to use PayPal when paying online, just so much easier than credit cards and more secure since you only get to spend what you credit it with.

    Thanks for sharing. 🙂

  4. I am not selling anything on my site but good information to have. Thanks for sharing. I guess if we use PayPal then this PCI compliance goes for them or will it remain on us also?

  5. Great post. I’m the owner of an e-commerce site in Brazil, and the ideas above will be very useful to improve my sales. Thanks!

  6. Good to know. Going through a third party website might be the best way to sell online then. I’m not sure how to do all that coding and security.

  7. I agree, security is really a big issue on ecommerce sites, there are a lot of fraudulent sites that have offers no one can refuse but in the end it was just a big scam. This is one good thing for ecommerce sites to consider. Interesting mash up David.

  8. Cristian Balau

    Why not use PayPal? I rarely use my actual credit card anymore when I buy/sell stuff online, PayPal is just right for most of my needs and every website should use this form of payment.

  9. Good to know about PCI. It’s stupid that it’s not mandatory though. Of course it sucks if you lose your right to accept credit cards, but that would be your own fault. But your customers getting into trouble because you were too lazy to meet the PCI requirements is really bad for them.

  10. It is very important to follow these practices as they will protect you later on. It has become fairly common these days for businesses to have their credit card processing terminals hacked so that every card processed gets its number copied by a third party. If your business has not followed set PCI protocols, you can be held liable.

  11. There are certainly a lot of details like that to take into consideration. That is a great point to bring up. I offer the thoughts above as general inspiration but clearly there are questions like the one you bring up where the most important thing will be working in honest good faith. I don’t know if best practices have emerged around things like that, but I am sure that your job is clearly identified as a fair game.

  12. I think this is the most subtle process of ecommerce.
    To ignore the standard PCI compliance is really risky. Retailers can be fined and even lose card processing privileges, as has been said. Security breaches can damage the reputation and the brand of a company and lead to financial losses.

  13. Hi David,
    It’s the first time I get to know the importance of PCI. My question is, how does a credit card user know whether an institution is PCI compliant or not?

  14. I am planning to work on an eCommerce site, this article will definitely help me with that. Thanks for sharing

  15. The benefit of using PayPal Pro to accept online payments is that PayPal is PCI compliant so if you are a webmaster looking to sell products online, you’ll meet all PCI requirements if you have a PayPal Pro merchant account.

  16. I also found that PayPal tended to get around these issues. The only problem everyone is going to find is cost…cost…cost!!!
