PCI compliant yet? Here, have an aspirin...

By the time you've learned what PCI compliance means - never mind learning what's actually required for your business to become PCI Compliant - you've learned more than a human brain is currently capable of holding.

If you accept credit cards as a payment option in your business - especially if you accept credit cards online - the PCI DSS (Payment Card Industry Data Security Standards) requirements must be met. These standards protect your customers, and make no mistake, they protect the merchant, too. Not only does it protect your customers from credit card theft, identity theft - all those nasty things - but it protects the merchant from thousands of dollars in possible penalties, lawsuits and a world way beyond simple aggravation.

The banks themselves are fined for violations, but as stated in the PCI Compliance Guide, "the banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees." This can be deadly to a small business.

Is it a law? Not strictly speaking.  It's not federal law - not yet anyway - but there are some state laws already, and your merchant provider or acquiring bank is likely already requiring it.  Even if you use 3rd party processors (which would include PayPal, WorldPay, 2CheckOut), you are still required to be compliant.  Still, the work and cost to achieve compliance is much easier to deal with.

When I started this business, I went through an agonizing week learning about PCI compliance.  Learning that my little business was going to require thousands of dollars in security scans, learning that I was in arguably the worst possible group (meaning, the compliance was hardest to meet), attempting to fill out a form that requires a PhD in Computer Science and Gobbledy-Gook to understand (at the time it was a thank-you-very-much  82-page form*), and the worst of it: vacillating back and forth between all this and shutting down my business.

I don't mind telling you, I was a wreck, but with a lot of perseverance and digging into alternatives, merchant accounts and payment processors, I successfully took steps to ensure my own PCI compliance. If you do business with me, you may rest assured that your data and personal information is absolutely secure.

And I still have the headache to prove it.

There is a ton of information out there on the internet about PCI compliance, but I recommend you go to the horse's mouth first. Visit The PCI Security Standards Council at http://www.pcisecuritystandards.org/

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Do you build eCommerce sites?

Yes. We can develop full ecommerce sites (front and backend and database-driven); however, due to...

I have a only a small number of items I want to sell on the web. Do I have to have a full shopping cart system?

No, you don't. If you have a small number of items, PayPal or Google Checkout may be the...

What is an SSL Certificate?

SSL is an acronym standing for Secure Socket Layer.  In a nutshell, this is a technology which...

What forms of payment do you take?

In addition to standardized invoicing and check acceptance for our design services, we also...

Interested in an eCommerce Business?

Whether it's a service or a product - advertising and selling on the internet can substantially...