Friday, November 26, 2010

PCI Compliant Web Hosting

There’s a set of “requirements” called the Payment Card Industry Data Security Standard (PCI DSS) that was developed by the PCI SSC, the Payment Card Industry Security Standards Council. It applies to any merchant that stores, processes or transmits cardholder data, and taking card numbers on your website counts.
I first heard of these “requirements” in the bar on the last day at Pubcon Vegas 2008, where someone said “Trust me, you’d BETTER learn about it, because they’ll make your life miserable if you don’t…”, and they were sure right.
In 2009 one of my long-time consulting clients actually began GETTING FINED by their processor for not being PCI compliant.
At first the fine was about $40 monthly, but that quickly mushroomed, and all of a sudden, they were told that it was several hundred dollars a month.
We changed shopping carts, then worked with the web host, and all was finally resolved, but it took four months and several thousand dollars. Can you afford that unexpectedly?
Before you ask “who has the authority to fine them?”, you should know that in their case it was called a “fee” and not a “fine”, and it was imposed by their middleman transaction processor, not by Authorize.net or by their bank.
The official “power” to impose that fee is non-existent and totally arbitrary: it is a lot like Blockbuster charging a late fee, simply because they can.
Get On Top of PCI Compliance NOW
It likely won’t be long before every processor that handles the cards you take on your website is required to decline your transactions if you aren’t compliant, and that will put you out of business.
PCI DSS is simply designed to give merchants that handle credit card transactions a standardized, consistent set of security measures to follow, i.e. it’s for our own good.
Yes, getting compliant is going to be a pain in the ass, but it’s not nearly as bad as eating chargebacks on fraudulent orders that get reversed after you have shipped or delivered the product, is it?
Worse, would it be as bad as finding out that not only are you being charged a “fee”, but that your bank will no longer accept your transactions at all?
Start by checking your site with a vulnerability scanner approved for PCI compliance (the PCI SSC calls these Approved Scanning Vendors, or ASVs). There are a number of them out there, and your bank or processor should offer one to you soon, if they haven’t already. Keep in mind that the external scan is only one piece of it: PCI DSS requires that scan quarterly, and you also have to complete the Self-Assessment Questionnaire (SAQ) that matches how your site takes cards. The less card data your own server ever touches (for example, a hosted payment page at the processor), the shorter that questionnaire gets.
In some situations you may find that you need to move to a web hosting platform that claims compliance and is willing to put that claim in writing, and here’s our statement…
