PCI Compliance – What is It?

With the increase in stolen credit cards being used in the world of internet business, PCI compliance or payment card industry has been set as a requirement by the PCI Standards council – so that all online businesses must follow a required standard procedure when dealing with credit cards online. Business owners must pay an approved scanning vendor (ASV) to check you are PCI compliant. They have been approved to test web servers for PCI compliance and are in a position to scan your website as required. These ASV’s run thousands of automated security tests that are unable to be done manually by humans. Credit card companies are very determined to stop credit card fraud by forcing business owners to maintain secure systems and use safer practices, when processing credit card payments. This is what an ASV checks for.

As an online business owner, your first step is to locate an ASV and get tested for PCI compliance. Keep in mind that all online business owners who use credit cards to process payments must be PCI compliant. Generally, PCI scanning takes place quarterly as that is the required period to get re-tests done as set by the PCI standards council. Some companies offer daily PCI scanning which means that your online business will be scanned daily for any issues. This is deemed as unnecessary and time consuming, because as reported by many people, scanning tests take down their servers as a result of the intensity of the tests. Keep in mind, that once a server’s issues are resolved and it’s passed PCI compliance requirements, it is not likely that issues will return quickly, so tests need not to be done on a daily basis. The PCI security standards council requires a scan done once per three months only. Business owners should not get caught up in sales gimmicks offering PCI scanning tests daily. You will simply end up with a strained website and no real extra value.

Now it is not the law that your online business is PCI compliant. But, what you need to be aware and take note of is that all websites are vulnerable to outside threats. There are many hackers and holes out there waiting to be exploited on a genuine website. If a hacker breaks into your business and for whatever reason steals your customer credit card details, this negligence on your part will bar you from being able to use credit cards as a payment method – ever again. However, in case you have already had your PCI compliance, while your reputation may be damaged by such an act, at least you would not be barred from using credit cards as your payment method.

As a bonus, some approved scanning vendors provide online business owners a web seal once they pass their PCI compliance tests. Web seals are a great way to boost online Internet sales. Generally, customers who shop online look for websites which demonstrate trust and credibility. If a website has a web seal on display, it means that the website has been tested for hackers and has been approved by a trusted third party. Customers on websites are are asked to enter their personal details such as name and address, telephone number and credit card details. Customers are wary of wanting to do this simply because of many online scammers and shoddy merchants don’t appear secure or safe enough. Now, if your website displays a good web site seal, this will increase your online sales and attract more traffic. A nice bonus on your way to PCI compliance.