Security

BigCommerce is now PCI Compliant

BigCommerce is now PCI compliant according to their blog dated 1/27/11. The stampeding sound you hear is Volusion's disgruntled customers running for the door. I fear they may end up wedged in BigCommerce's front door à la the Three Stooges.

http://www.bigcommerce.com/ecommerce-blog/bigcommerce-is-now-pci-compliant/

The Importance of PCI Compliance

Accepting credit card payment online carries great responsibility. Merchants must take every step to protect the integrity of ALL the data collected from their customers. Why? You can lose your shirt if you don’t.

The credit card companies have banded together and created a standard for the use and storage of credit card data for ecommerce companies. This standard is called the Payment Card Industry Data Security Standard (or PCI for short). It applies to ALL ecommerce merchants, both big and small. If you sell something online and accept credit card payment, you HAVE to be aware of the PCI standard. Why? If your store is found to be non-compliant, you can lose the ability to collect credit card payments, be targeted by a class action suit and face HEAVY fines. Believe me, it’s a whole lot easier being compliant.

E-Commerce and the Law

Currently, there are not any consumer protection laws focused specifically on ecommerce. Online shopping is covered by the same consumer protection laws that cover traditional brick-and-mortar stores.

There are two classifications of B2C E-Commerce. They are as follows:

1. Direct Sellers
Companies that provide products or services directly to customers are called direct sellers. These types of B2C companies are the most well-known. There are two types of direct sellers: e-tailers and manufacturers. An example of an e-tailer would be Amazon.com.

EV SSL Certificates

These certs go to eleven.

There is a new type of SSL certificate on the block. The Extended Validation SSL Certificate has been developed by Verisign as a way to increase consumer confidence while shopping online. The EV SSL certificates are expensive and getting one requires additional paperwork. Verisign provides an EV SSL cert for $1,299 for a year. Thawte and Geotrust offer the same cert for $899 per year. This is a huge leap in cost when compared to the traditional 128-bit SSL certificate's annual cost of around $150.

So what does this extra outlay of cash afford the small e-commerce business? The ability to have 256-bit encryption and more detailed store identity authentication visible to the customer (to stave off phishing). Plus, customers using IE7 will have their address bar turn green while shopping on your store. This is supposed to increase “your site visitor’s confidence.”