Being “PCI Compliant” is industry lingo for following the Payment Card Industry Data Security Standard (PCI-DSS). This standard was developed by the Payment Card Industry Security Standards Council, an independent council originally formed by American Express, Discover, JCB, MasterCard and Visa. They developed a set of policies and procedures intended to optimize the security of credit and debit card transactions and to protect cardholders against misuse of their personal information.
Before the Internet became mainstream in the 1990s, credit and debit cards were mainly used at the point of sale. Now, almost all online purchases require a credit card in some way. It is estimated that there are 10,000 payment card transactions made every second around the world.
If you run an online storefront, it is essential that you follow PCI Compliance guidelines, for both your benefit and your customers’. Your storefront should implement the following security features as outlined in the PCI-DSS standard:
- Build and Maintain a Secure Network (Set up firewalls and strong password protection)
- Protect Cardholder Data (Cardholder data must be encrypted when stored or transmitted)
- Maintain a Vulnerability Management Program (Run anti-virus/spyware software and keep all other software patched and up to date)
- Implement Strong Access Control Measures (Restrict cardholder data on a need-to-know basis)
- Regularly Monitor and Test Networks (Test your system and monitor access)
- Maintain an Information Security Policy (Build a security policy and maintain it)
Organizations that fail to comply face fines of up to $500,000 if card data is lost or stolen and risk not being allowed to handle cardholder data. These details can be found in your merchant bank agreement.
More information can be found at https://www.pcisecuritystandards.org
Phillip Grandsard is a Software Developer at PagePath Technologies. PagePath was founded in 1983 and is headquartered in Plano, Illinois. PagePath’s MyOrderDesk is an eCommerce solution that combines Web-to-Print, automated proofing, pricing, reordering and more. It seamlessly integrates into a printing organization’s existing website or can be used as a standalone site. MyOrderDesk is known throughout the printing industry as the leader in Web-to-Print software.