Protect Your Customers and Your Business with PCI Compliance
Protecting your customers and your business from credit card fraud is a major consideration in ecommerce. Any business accepting online credit card payments needs to be compliant with the Payment Card Industry Data Security Standard (PCI DSS) in order to combat online credit card fraud.
PCI DSS aims to protect the individual’s personal information through proper security when credit card transactions are processed. The PCI DSS was set up by the Payment Card Industry Security Standards Council. The founding members of the Council include American Express, MasterCard and Visa.
The Risks without PCI Compliance
The risk to your business of credit card fraud is high, as online fraud continues to rise. The impact of fraud is not only a loss of revenue but could also mean that your business suffers:
- A fine imposed by your bank
- A forensic investigation that you will have to fund
- A reclassification of your merchant status
- A major loss of faith by your customers – which could fatally damage your business
6 Requirements of PCI DSS
Under PCI DSS you, as the merchant, must:
1. Build and maintain a secure network
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor supplied defaults for system passwords and other security parameters.
2. Protect cardholder data
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
3. Maintain a vulnerability management programme
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
4. Implement strong access control measures
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
5. Regularly monitor and test networks
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
6. Maintain an information security policy
- Maintain a policy that addresses information security.
PCI for Ecommerce
There are three major elements of PCI compliance which affect ecommerce.
Storing the Card Verification Value (CVV) number is prohibited. You are not allowed to store the three-digit CVV number under any circumstances.
Protecting the Primary Account Number (PAN). The PAN is the 14 or 16-digit code across the front of the credit card. This has to be available to those with a need to access it, otherwise it must be masked. The PAN must be encrypted when stored and transmitted.
Compliance with the Payment Application Data Security Standard (PA DSS). This applies to all third party ecommerce software. It sets out the security requirements for processing credit card transactions. Your ecommerce software must be PA DSS compliant.
Helping You Achieve PCI Compliance
Xanthos has over 14 years of experience in building PCI compliant ecommerce websites.
Protecting your customers’ data is central to how Xanthos creates and launches your ecommerce website. Xanthos only works with PA DSS compliant ecommerce software, and PCI DSS certified web hosting providers, to make sure that your store is safe and secure.