Chances are, if you're interested in how to start an online store, you've seen the term PCI thrown around, or overheard it in conversations - but what does PCI stand for and what does it mean for your business? Using a payment option that is not PCI compliant can cost your business thousands of dollars in fines - here's what you need to know about it.
What does PCI stand for?
PCI stands for "Payment Card Industry". The standard itself is the Payment Card Industry Data Security Standard, or PCI DSS; most people just say PCI for short when they mean PCI DSS.
What is PCI?
PCI DSS is an industry standard designed to make it safer to pay by card, online or otherwise, by requiring that any business that stores, processes or transmits cardholder data does so securely.
In 2001 Visa created CISP (Cardholder Information Security Program) to help protect customers' credit card information. In December 2004 the card brands aligned their separate programs into a single joint standard, PCI DSS (Payment Card Industry Data Security Standard), which has been maintained since 2006 by the PCI Security Standards Council. PCI DSS (or PCI for short) sets the requirements that providers and merchants must meet so that cardholder data is protected wherever it is stored, processed or transmitted.
Why is using a PCI-certified provider important?
Merchants who fall out of compliance, or who hand card data to a provider that has not been validated, can face serious consequences. The card brands levy fines on the merchant's acquiring bank, which passes them on to the merchant; commonly cited figures run up to $10,000 a month for continued non-compliance and $500,000 per incident after a breach. Class action lawsuits can follow a breach, and a merchant found non-compliant can have its ability to process card transactions revoked. Any one of these results can cripple a business. Note that using a validated provider does not transfer your obligations: the merchant remains responsible for its own compliance, but outsourcing card handling to a validated provider shrinks the part of your environment that PCI DSS applies to, and if card data never touches your own systems you can validate with a much shorter self-assessment questionnaire. If you want to be successful online you need to make sure that your provider is not going to jeopardize your business, which is why all Volusion payments are PCI-compliant by default.
How does a payment provider get PCI certified?
Strictly speaking a provider is not "certified" but validated: a Qualified Security Assessor audits it against the standard and produces a Report on Compliance, which must be renewed annually. Validation requires that providers:
- Install and maintain a firewall configuration to protect cardholder data
- Not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data, and never store sensitive authentication data (full magnetic stripe or chip data, CVV2, PIN) after authorization, even encrypted
- Encrypt the transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data on a need-to-know basis
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
How do I check if my provider is PCI certified?
To check the status of your provider <link http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf> you can view Visa’s independently maintained list of validated service providers worldwide. The list records each validated provider, the assessor that conducted the audit, the services that were reviewed, and the date of validation. When you check it, confirm three things: that the provider appears at all, that the specific services you use (for example a hosted payment page or tokenization) fall within the validated scope, and that the validation date is recent enough that the status is still current, since validation lapses if it is not renewed each year.