PCI DSS: A roadmap to your compliance
Are you aware that you are required to be PCI DSS compliant?
If not, you should be!
There has been a huge volume of discussion online regarding the implications of PCI DSS compliance for internet merchants and retailers who deal with credit card transactions, online or offline.
Q. How does this affect me?
A. The merchant is ultimately responsible for their own PCI DSS compliance. Any investigation into fraud associated with a transaction you process, fraudulent or otherwise, could result in large penalties if you are found not to be adhering to the standard.
Q. What does this mean for me?
A. You must make sure you are compliant with the PCI standard.
Q. The standards are very confusing. Which is the right standard for me, and how do I get compliance?
A. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies and procedures. This means that different aspects of the standard apply to a merchant's various systems and processes.
The easiest way to get compliance is to determine which Self-Assessment Questionnaire (SAQ) validation type you are and complete the relevant SAQ form.
teclan's straightforward guide to getting compliant:
Scenario 1 - You only take card payments for ecommerce orders using the web page of a compliant PSP
Solution 1 - You are SAQ validation type 1, and need to complete SAQ form A.
Scenario 2 - You take card payments for ecommerce orders using the web page of a compliant PSP, and take mail order related payments or card present payments using a card terminal (PDQ)
Solution 2 - You are SAQ validation type 3, and will need to complete SAQ form B.
Scenario 3 - You take card payments for ecommerce orders using the web page of a compliant PSP, and also use the compliant PSP's web form for taking mail order related payments.
Solution 3 - You are SAQ validation type 4, and need to complete SAQ form C. You must get an external scan of your office network (to make sure attackers can't get in from outside) and you are required to run a virus checker on every PC.
The simplest option is solution 1: using a compliant PSP such as PROTX to handle all transactions.
We advise all our customers to ensure they are aware of PCI DSS standards and the requirements for compliance.
If you have any queries or concerns about the above, then please get in touch.
Further information:
The website of the PCI Security Standards Council - https://www.pcisecuritystandards.org/
Read this forum post from the CEO of Actinic, Chris Barling.
