The buzz-acronym that's been rolling around the internet recently is PCI DSS compliance. What does it mean and how do I get it? Well, first of all, you typically don't need it if you're not handling credit or debit cards in any way, whether through your website, over the phone or in your shop.
If you are (and let's face it, many more companies are selling online now), then you need to ensure that your website is secure. In fact, you should ensure your website is secure at all times, whether taking card payments or not. Why? Simply because if it's not, your site, and hence your online business, is seen as a risk, which carries implications in the form of monthly fines and even cancellation of your Merchant Account, meaning that you will not be able to trade.
Thankfully, the industry provides services and support to help you with your PCI DSS compliance, but unfortunately, unless you're technically minded, you may struggle to understand the technical mumbo jumbo in the report. Think of PCI-DSS compliance as a kind of anti-virus software solution that doesn't actually remove the potential viruses; it simply tells you about potential threats based on a scan it carries out against your website.
Like anti-virus software, there are updates to inform you of the new swathe of threats, so each time you run a scan you may need to update your anti-virus software too. PCI-DSS compliance scanning is similar in that there are always new threats becoming visible, due to updated system software or, in many cases, the lack of updated system software.
Any ISP worth their salt should offer a solution that caters for PCI-DSS scanning. It probably won't be free, as there are simply too many factors that could be beyond their control, but they should be able to help you on the road to becoming PCI-DSS compliant. Another place to look is, of course, your developer, as he/she should also be aware of PCI-DSS compliance.
Now, the cynic in us all might suggest that this is just another way for the card industry to make more money to stem the monies already lost to credit and debit card fraud, rather than a tool for good with altruistic goals. Either way, PCI-DSS compliance is here to stay, so make sure you're aware of it and have a plan for your website.