In an effort to reduce credit card fraud, the Payment Card Industry (PCI) introduced a new “gold standard” for card processing. Known as PCI-DSS (Payment Card Industry Data Security Standard), this new standard requires all businesses processing card payments to adhere to certain security principles – principles that can be extremely costly for smaller businesses to comply with themselves.
There are 12 key requirements for PCI-DSS compliance, from building and maintaining a secure network, to protecting the cardholder’s data, to implementing “strong access control measures”. Most of these requirements should already be part of your company’s security policy, but the PCI-DSS expects you to have these measures regularly audited. Non-compliance with the regulations could cost over €100,000 and lead to trading restrictions being placed on your business.
One of the easiest ways for SMEs to meet PCI-DSS guidelines is to “transfer” responsibility to a third party; however because the regulations expect businesses who store payment card details to implement stringent security measures, it makes sense not to do so. So how can your business take payments without storing card details?
The answer is to use a payment gateway offered by a third party. Protx, NoChex and Paypal all provide payment gateways that can be integrated with your website, but do so in such a way that the payment card details are never actually entered into your website, thereby relieving you of the responsibilities associated with PCI-DSS compliance.
PCI-DSS compliance is essential to your future trading online – make sure you consider this when designing your eCommerce website.