What is PCI DSS Credit Card Compliance?

PCI DSS stands for Payment Card Industry Data Security Standard. The first version was published in 2004 by the major card brands (Visa, Mastercard and others), which now maintain it jointly through the PCI Security Standards Council. It is a set of technical and operational requirements for anyone who stores, processes or transmits cardholder data, intended to reduce card fraud and breaches. Its twelve requirements cover network security, protection of stored and transmitted card data, patching and vulnerability management, access control, logging and monitoring, and security policy.

PCI DSS compliance is enforced contractually: accepting cards on a website means agreeing to the standard as a condition of the merchant account, so the site's operator must comply. For a website, the most visible part is how the servers in scope are secured: which ports are reachable from the Internet, how the firewall is configured, and whether the operating system, web server and other software have been patched against known vulnerabilities. The standard itself goes further than that, also covering how cardholder data is stored and transmitted, who can access it, and how that access is logged.

To validate compliance, a merchant reports to its acquirer, the bank that provided the merchant account when the agreement was signed. How much evidence is required depends on the merchant's annual transaction volume: the largest merchants need an annual on-site assessment by a Qualified Security Assessor (QSA), which produces a Report on Compliance, while smaller merchants complete a Self-Assessment Questionnaire and, if they have Internet-facing systems in scope, pass quarterly external vulnerability scans from an Approved Scanning Vendor (ASV). The acquirer can ask for this evidence at any time, and it must be kept current. A merchant that cannot show that its site is compliant can lose the ability to process card payments from it. The more transactions a site processes, the more rigorous and frequent the validation it has to go through.

Even if all you run is a shopping cart or a paid members area, you are still required to be compliant. Some sites host their own payment pages and some hand the payment step to a third party. Outsourcing the payment page to a PCI DSS-validated provider, so that card data never touches your own servers, greatly reduces what is in scope (and which self-assessment questionnaire applies), but it does not remove the obligation: your site must still be compliant for whatever remains in scope, such as the pages that redirect to or embed the payment form, and must still keep customer data safe. If your site is found non-compliant, you risk card-brand fines, commonly quoted at up to $500,000 per incident, on top of the costs of any breach.

The usual way to get the required external scans is to use a PCI SSC Approved Scanning Vendor (ASV) such as McAfee or HackerGuardian (hackerguardian.com); only an ASV's scan counts toward validation. McAfee's scanning service was priced at a little over $300.00 at the time of writing, and other vendors charge a fee per report. Some SSL certificate companies include scans at no extra cost for domains that use their certificates. Whichever you choose, every server that plays any part in your payment process is in scope and has to be scanned and compliant.

An ASV scans your Internet-facing servers from the outside, looking for the same exposures an attacker would probe for: unnecessary open ports, unpatched software with known vulnerabilities, weak SSL/TLS configuration, and common web application flaws. A failed scan has to be remediated and re-scanned, so make sure that you, or your hosting provider under a clear agreement, have the administrative access needed to fix findings on every server that hosts payment pages. On shared hosting where you cannot change the server configuration, a failing scan may be impossible to fix, and you should keep control of those pages at all times.
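The kind of finding described above, as an added example that is not part of the original article: a small pre-scan self-check that parses the grepable output format nmap writes with -oG and flags open services that should not be reachable from the Internet on a host in PCI DSS scope. The sample nmap line, the allow-list of ports and the list of services that must never face the Internet are all constructed for this example; tune them to your own environment before relying on the result.

```python
"""Triage one nmap grepable-output (-oG) line for a payment server.

Added example, not code from the original article. Parses the 'Ports:'
field that `nmap -sV -oG - <host>` prints and classifies each open port
against a constructed exposure policy, roughly what an ASV scan would
flag first on a checkout host.
"""
import re
from typing import Dict, List

# Constructed sample: what nmap -sV -oG might print for a web host that
# also exposes SSH and its database to the Internet. Not real scan data.
SAMPLE_NMAP_OG = (
    "Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "80/open/tcp//http//nginx 1.24/, 443/open/tcp//ssl|https//nginx 1.24/, "
    "3306/open/tcp//mysql//MySQL 5.5.62/, 21/filtered/tcp//ftp///\t"
    "Ignored State: closed (995)"
)

# Constructed policy: the only ports a checkout host should expose to the
# Internet. Administrative access (SSH) belongs behind a VPN or IP allow-list.
INTERNET_ALLOWED_PORTS = {80, 443}

# Constructed list of services that carry credentials or data in cleartext,
# or are admin/database interfaces, and must never face the Internet
# (PCI DSS Requirement 1: restrict inbound traffic to what is necessary).
NEVER_EXPOSE = {
    21: "ftp", 23: "telnet", 1433: "mssql", 3306: "mysql",
    3389: "rdp", 5432: "postgresql", 6379: "redis",
}

# One -oG port entry: port/state/protocol/owner/service/rpc info/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_og_ports(line: str) -> List[Dict[str, object]]:
    """Return the ports reported as open in one -oG 'Host:' line.

    Ports in other states (filtered, closed) are dropped: only open
    services are reachable and therefore relevant to exposure.
    """
    m = re.search(r"Ports:\s*(.*?)(?:\t|$)", line)
    if not m:
        return []
    ports = []
    for port, state, proto, _owner, service, _rpc, version in PORT_RE.findall(m.group(1)):
        if state == "open":
            ports.append({"port": int(port), "proto": proto,
                          "service": service, "version": version})
    return ports


def triage(line: str) -> Dict[str, List[str]]:
    """Bucket each open port: must never be exposed, not on the allow-list, or ok.

    The version string is kept in each label because that is what a
    vulnerability scanner matches against known-vulnerable releases.
    """
    findings: Dict[str, List[str]] = {"never_expose": [], "not_allowed": [], "ok": []}
    for p in parse_og_ports(line):
        label = f"{p['port']}/{p['proto']} {p['service']} {p['version']}".strip()
        if p["port"] in NEVER_EXPOSE:
            findings["never_expose"].append(label)
        elif p["port"] not in INTERNET_ALLOWED_PORTS:
            findings["not_allowed"].append(label)
        else:
            findings["ok"].append(label)
    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_NMAP_OG).items():
        for item in items:
            print(f"{bucket:12s} {item}")
```

Run this against your own `nmap -sV -oG` output before paying for an ASV scan: anything in the never_expose bucket (here, the MySQL port) is a firewall problem to fix first, anything in not_allowed (here, SSH) should be restricted to administrative source addresses, and the version strings in every bucket are what you should check against vendor advisories and patch.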

Once your site passes, you can display the scanning vendor's trust seal on your checkout and payment pages. Be clear about what it does: it does not deter attackers, who probe for weaknesses regardless of logos, but it reassures customers that an independent party checks the site, and a customer who feels safe is more willing to enter card details and complete a purchase. Seals are typically tied to the vendor's current scan status, so keeping scans current also keeps the seal valid.

PCI DSS compliance is a very important part of doing business online. By one estimate, 45% of all sites that take card payments are not PCI DSS compliant or not up to date. Don't take this issue lightly when it comes to your business. Protect yourself and your customers: if a breach happens and you were not compliant, you face fines, the loss of your merchant account and, potentially, the loss of your business.
