Yes, it's true. Your little Mom and Pop web store may be facing fines from the very companies that provide the process for you to receive your customer payments. If you haven't heard about it yet, it is called PCI Compliance, and while it is not a law, it is real and something to be concerned about. One year from now your store could be facing fines from the credit card processing companies (Visa, MC, Amex, etc.).
But wait, don’t let me scare you completely. Big brother is not going to come crashing down upon everyone and there are a lot of good reasons for this program that benefit you and your customer.
So what is PCI Compliance?
In a nutshell, it is a program developed by the major credit card processing companies (Visa, MC…you know the drill) to help protect customers' credit card information. In an ever-increasing digital world, these companies have paid out major cash to customers due to stolen credit card information. The companies then started to enforce their own brand of penalties, but these disparate systems were very difficult for the merchants and banks to maintain. So the credit card processing companies got together and came up with the Payment Card Industry Data Security Standard (PCI DSS) to ensure that all companies that transmit and receive customer data are doing so in a secure environment.
For some really dry reading…check out these articles on PCI Compliance:
Gone will be the days of small merchants setting up a website's shopping cart to accept credit card information that you hand feed into your merchant machine. Think of all of the security holes in this process. You have to display a credit card number on your screen, where anyone could look over your shoulder and see it…and, scary as it may seem, imagine as a consumer putting your credit card information into a website, only to have the merchant print out your credit card information and then throw it in the trash when they are through punching it in. Yes, these standards might be a little annoying to some, but as a consumer, you should be happy to know these standards are moving into effect.
So, when does PCI Compliance take effect? It's actually already in effect. Level 4 merchants (stores with less than 20,000 transactions per year) were to be in compliance by January 1, 2008. But no worries. You still have a year to get your merchant act together. Fines do not start until July 1st, 2010.
Each website's needs will be different. Set up a meeting with your web developer and ask him to give you a review of your website's compliance. Many may already be compliant or may just need to make some tweaks in the process. Just having PayPal as your only means of processing does not necessarily make you compliant. You will need to make sure you are not storing any sensitive information on your server at all. Your web developer can tell you if your site's software is in or out of compliance.
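One concrete way to back up that "not storing any sensitive information on your server" check is to scan your logs, order notes and database dumps for anything that looks like a card number. The script below is an added example, not part of the original post or any PCI tool; the sample records it scans are constructed, the card numbers in them are the well-known test numbers, and it reports only masked values so the report itself does not become stored cardholder data.

```python
import re

# Constructed sample "server" records (a log line, a debug dump of a form
# submission, an order note) standing in for the files a real scan would walk.
SAMPLE_RECORDS = [
    "2009-06-01 order=1041 total=59.90 status=paid",
    "debug: form payload card=4111111111111111 exp=09/11 cvv=123",
    "order=1042 note: customer called, callback ref 4111 1111 1111 1112",
    "order=1043 token=tok_8f3a2c paid via gateway",
    "note: card 5500 0000 0000 0004 written on the packing slip",
]

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by the card brands; weeds out order ids, refs, etc."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep only the last four digits so the finding can be written down safely."""
    return "*" * (len(digits) - 4) + digits[-4:]

def find_pans(record: str) -> list:
    """Return the masked card numbers found in one record (empty if none)."""
    hits = []
    for m in PAN_CANDIDATE.finditer(record):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(mask(digits))
    return hits

def scan(records) -> list:
    """Scan records; return (line number, masked number) for each finding."""
    findings = []
    for lineno, rec in enumerate(records, start=1):
        for pan in find_pans(rec):
            findings.append((lineno, pan))
    return findings

if __name__ == "__main__":
    for lineno, pan in scan(SAMPLE_RECORDS):
        print(f"line {lineno}: possible stored card number {pan}")
```

Line 3 is the reason for the Luhn step: it contains a 16-digit reference number that is not a card, and the checksum keeps it out of the report.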
Now is the time to get started.