The Importance of PCI Compliance

Accepting credit card payments online carries great responsibility. Merchants must take every step to protect the integrity of ALL the data collected from their customers. Why? You can lose your shirt if you don’t.

The credit card companies have banded together and created a standard for the use and storage of credit card data by ecommerce companies. This standard is called the Payment Card Industry Data Security Standard (or PCI for short). It applies to ALL ecommerce merchants, both big and small. If you sell something online and accept credit card payments, you HAVE to be aware of the PCI standard. Why? If your store is found to be non-compliant, you can lose the ability to collect credit card payments, be targeted by a class action suit and face HEAVY fines. Believe me, it’s a whole lot easier being compliant.

Here are some important facts about the PCI Standard:

1) The Payment Card Industry (PCI) Data Security Standard is a joint creation of Visa, Mastercard, Discover and American Express. It is a response to the growing severity of credit card theft.

2) The goal of the PCI standard is to protect cardholder data wherever it may reside. The PCI has developed industry-wide standards for card data security to be followed by merchants and providers alike.

3) Every single online store that accepts credit cards is legally required to be PCI compliant. In order to be compliant, shopping cart providers have to have successfully completed a CISP review based on the PCI data security standard.

4) Non-PCI Compliant Merchants Face:
*Losing the ability to process transactions altogether
*$500,000 in fines (per incident); Visa is actively fining merchants now
*Class-action lawsuits
*$10,000 in monthly fines

Almost every merchant thinks they are compliant. But are you really? Three areas of your online store must be checked for PCI compliance.

1. You! How do you handle and store credit card data? The best practice is not to handle or store credit card data at all. Let the payment gateway or processor do it for you. Never store it yourself – either online or offline.

2. The payment processor. Make certain that the one you use is PCI compliant.

3. The shopping cart solution. Make certain that the one you use is PCI compliant.

How can you tell if your payment processor and shopping cart solution are PCI compliant? Here is a list of companies that have completed the CISP review process and are officially compliant:
CISP Compliant Service Providers

If you doubt that your payment processor or shopping cart is officially compliant, you can contact Visa directly.

For more information regarding PCI compliance, here is the main page of Visa’s website dealing with PCI standards and the rules:
More info on PCI Compliance

The importance of PCI compliance cannot be overstated. If you’re an ecommerce merchant, the responsibility is yours and yours alone. Make certain that you follow the standard and use shopping cart and payment processing companies that are officially compliant.

On a side note, PCI compliance is one reason I recommend that ecommerce merchants use a hosted shopping cart rather than a do-it-yourself solution like osCommerce. You can cover yourself and protect your customers by simply using a hosted cart solution found on the list of PCI compliant companies.

Volusion, Yahoo Stores and MonsterCommerce are the only hosted cart solutions on the list that we’ve reviewed. MonsterCommerce was one of the first to get listed but lacks many of the features and functionality that Volusion offers. Considering this, Volusion is the only hosted cart solution on the list of officially compliant companies that eCartReviews recommends. MonsterCommerce and Volusion are heading in opposite directions. Volusion is going up and MonsterCommerce is going down (at least on my stock chart). Yahoo offers a great solution - if you like profit sharing! Of the three, Volusion is the best all-around solution.