Four Steps for a PCI Compliant Web Site
4 steps to make your Web site PCI Compliant
We’ve all read about the security breaches at national retailers and even financial institutions. Smaller retailers and online stores should pay attention and learn about data security. If you have a retail Web site or work on retail Web sites, you have most likely heard of the Payment Card Industry Data Security Standard (PCI DSS). The standard was created by the major card brands.
The PCI standards are not laws imposed by the government but contractual obligations to the card brands, passed to you through your merchant agreement. If a retailer does not comply, the card brands may impose fines or sanctions through the merchant bank. Your merchant bank may already have notified you that you must comply with the standard.
What steps should you take to ensure that your retail Web site is PCI Compliant?
Step 1: Determine your PCI Compliance level:
- Level 1: Merchants that process over 6 million annual transactions, or that have already suffered an attack resulting in compromised data
- Level 2: Merchants that process between 150,000 and 6 million annual transactions
- Level 3: Merchants that process between 20,000 and 150,000 annual transactions
- Level 4: Merchants that process fewer than 20,000 annual transactions
The transaction thresholds are set by each card brand and have been revised over time, so confirm your level with your merchant bank. How much work it takes to validate compliance depends on your level:
- Level 1: Annual on-site assessment by a Qualified Security Assessor (QSA) and quarterly network security scan
- Level 2 and 3: Annual Self-Assessment Questionnaire (SAQ) and quarterly scan by a PCI Approved Scanning Vendor (ASV)
- Level 4: Reporting requirements are left to your merchant bank, but you must still comply with the standard in full
The scan is a vulnerability assessment scan that checks every externally facing IP address involved in processing credit cards (acceptance, transmission and storage).
Step 2: Before requesting your scan, ask your Web developer or shopping cart vendor whether the cart software handles card data in a PCI compliant way. In particular, it must never store the card verification code or full magnetic-stripe data after authorization (PCI DSS prohibits this outright), and any stored card numbers must be encrypted. The less card data your site keeps, the smaller the part of your environment the standard applies to. Next, ask your Web hosting company whether the servers running your shopping cart and database are PCI compliant. If not, ask them to move your site to a more secure server, or find another host that is PCI compliant. Learn more about our PCI Compliant ecommerce solution.
Step 3: Contact a PCI Approved Scanning Vendor such as Security Metrics and request to have your Web site scanned for vulnerabilities. If the scan fails, fix the findings it reports and request a rescan; only a passing scan counts. If your site passes the scan, congratulations! Be sure to continue scanning on a quarterly basis.
Step 4: Report your compliance by giving the passing scan report and your completed self-assessment questionnaire to your merchant bank.
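What "passing" means in Step 3 is not spelled out above. Under the PCI ASV program, any finding with a CVSS base score of 4.0 or higher makes the scan non-compliant, so a single medium-severity item on one public host is enough to fail. The script below is an added example, not code from this page or from any scanning vendor: it triages a constructed scan report by that rule and groups the findings that must be fixed before a rescan by host. The CSV layout, host names and findings are all assumptions made up for illustration.

```python
"""Triage a vulnerability scan report the way an ASV scores it.

The pass/fail rule (any finding with a CVSS base score of 4.0 or higher
fails the scan) is the threshold used by the PCI ASV program. The report
format, host names and findings below are constructed for illustration and
are not real scan output.
"""
from dataclasses import dataclass

ASV_FAIL_THRESHOLD = 4.0  # CVSS base score at or above this fails the scan


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    cvss: float
    title: str


# Constructed sample report for a fictional storefront (host,port,cvss,title).
SAMPLE_REPORT = """\
# host,port,cvss,title
shop.example.com,443,4.3,TLS 1.0 enabled
shop.example.com,443,2.6,Missing HTTP Strict-Transport-Security header
shop.example.com,22,0.0,SSH version banner disclosure
db.example.com,3306,7.5,MySQL reachable from the Internet
"""


def parse_report(text):
    """Parse 'host,port,cvss,title' lines (assumed layout) into Findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, port, cvss, title = line.split(",", 3)  # title may contain commas
        findings.append(Finding(host.strip(), int(port), float(cvss), title.strip()))
    return findings


def failing_findings(findings):
    """Findings that block a passing scan, worst first."""
    return sorted(
        (f for f in findings if f.cvss >= ASV_FAIL_THRESHOLD),
        key=lambda f: f.cvss,
        reverse=True,
    )


def scan_passes(findings):
    """True only when nothing reaches the ASV failure threshold."""
    return not failing_findings(findings)


def remediation_plan(findings):
    """Group failing findings by host so each server owner gets one list."""
    plan = {}
    for f in failing_findings(findings):
        plan.setdefault(f.host, []).append(f"{f.port}/tcp: {f.title} (CVSS {f.cvss})")
    return plan


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("scan passes:", scan_passes(found))
    for host, items in remediation_plan(found).items():
        print(host)
        for item in items:
            print("  -", item)
```

In the constructed report the two low-scoring items are reported but do not fail the scan; the exposed database port and the old TLS version do, and the plan lists them per host so the hosting company and the cart vendor each know what to fix before the rescan.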
Complying with the PCI standard involves time and money. However, the consequences of having your retail Web site and customer data compromised will be far more costly in terms of lost business and a tarnished reputation. For more information about PCI Compliant hosting in our Seattle data centers, visit PCI Compliant hosting.