Chances are, if you're interested in how to start an online store, you've seen the term PCI thrown around or overheard it in conversations - but what is PCI and what does it mean? Hopefully this article will answer the questions you have wondered about but were too afraid to ask.
What is PCI?
In 2001 Visa created CISP (Cardholder Information Security Program) and in 2004 CISP gave way to a joint effort among the credit card companies now known as PCI DSS (Payment Card Industry Data Security Standard). PCI DSS (or PCI for short) developed industry standards for providers and merchants to make sure that cardholder data was being protected when stored and transmitted.
Why is using a PCI-certified provider important?
Merchants using a non-PCI certified provider can face some grave consequences. **Class action lawsuits can be filed and fines of up to $10,000 a month and $500,000 per incident can be imposed, not to mention that if a merchant is found to be noncompliant, their ability to process transactions can be revoked.** Any one of these results can cripple a business. If you want to be successful online, you need to make sure that your provider is not going to jeopardize your business.
How does a payment provider get PCI certified?
According to Visa, PCI certification requires that providers:
- Install and maintain a firewall
- Not use vendor supplied defaults for security parameters
- Protect stored data
- Encrypt the transmission of sensitive information
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to data on a need-to-know basis
- Assign a unique ID to each person with access to data
- Restrict physical access to data
- Track and monitor all access to data
- Regularly test security systems and processes
- Maintain an information security policy
How do I check if my provider is PCI certified?
To check the status of your provider, you can view Visa’s independently maintained list of certified providers worldwide (http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf). The list documents each certified provider, the assessor that conducted the audit, the services that were reviewed, and the date of validation (so that you know if their certification is current).
Is Volusion payment processing PCI-Compliant?
Of course! If you have a Volusion store, all payment processing is automatically 100% PCI-compliant - encrypted, secure, and rigorously tested to make sure your customers are safe. Not only that, but since all of our store templates are built from scratch by professional designers and ecommerce pros, Volusion store owners **sell 4x more than other hosted shopping carts** - that's a lot more payments to process! Try a 14-day free trial of Volusion's all-in-one ecommerce platform today - no credit card needed.
-Kate Pierce, Volusion