PCI (Payment Card Industry) compliance has been optional for many small eCommerce sites up to now, but that may be about to change very soon. Previously, PCI compliance was mandatory only for Level 3, 2 and 1 merchants: those that process more than 20,000 transactions a year or have been identified as having poor security processes. Now everything has changed. Whether that change is for the better depends on eCommerce merchants’ willingness to comply. Their users, of course, will appreciate the added protection of their sensitive data, which is great PR anyway.
As of October 2006, PCI compliance became mandatory for all American Express-accepting merchants, including Level 4, those with 1–20,000 transactions per year. However, most merchants are still unaware of this and will remain unaware until something goes wrong.
What does this mean for you as a small eCommerce business owner? It means that your platform and eCommerce site need to be hosted in a PCI compliant data center if you are going to process credit card transactions through your site. This is great news, because it simplifies the steps you have to take to become PCI compliant. All you have to do is host your site in one of the several PCI compliant data centers scattered across the world.
I thought this was one of the funniest tips toward a horrible ecommerce site ever! Here’s just a glimpse of the article:
“People love filling out 8 pages of forms before they can buy stuff. Better yet, add in a couple more pages to surprise the customer just when they think they’re finally through! You really do need the customer’s age, gender, and the name of his first-born son before you can sell him your hand-painted dishrags.
“Whatever you do, make it as hard as you can for the customer to complete a sale and pay you money — that’s how you can tell if a customer is truly dedicated (or if they love pain).
“There are several great tips that we all can use to improve our ecommerce sites. Knowing the mistakes that others have made and how we can avoid them will help us to have the best sites available. Here are some great tips!”
As of October 2006, PCI compliance became mandatory for all American Express-accepting merchants, including Level 4, those with 1–20,000 transactions per year. Most merchants are still unaware of this and will remain unaware until something goes wrong or they get flat-out shut down.
From October 1, 2009, Visa will also be telling many small merchants that they can no longer accept Visa credit card payments unless they have taken steps toward achieving PCI compliance. This PCI eCommerce crackdown has already started and will continue to hurt smaller eCommerce sites unless they comply.
Online store owners who are obligated to implement a PCI compliance program and do not may find themselves unable to process transactions. They may also face fines from the various card companies if their security is breached.
This basically means that if your online store processes payments by credit card, you will need to become PCI compliant. PCI eCommerce is not something you will be able to do entirely on your own in your basement, as the process requires an audit and verification by a third party.
If you are hosted in a 100% PCI eCommerce compliant data center, you will be fine and this transition will not affect you. NetHosting is one of four data centers in the US currently PCI compliant and PCI certified. They have spent over a year getting this compliance issue taken care of.