Every website or company that accepts online payments in any form must meet and follow the requirements of the Payment Card Industry Data Security Standard (PCI-DSS). The standard is governed and established by the major credit card companies (Visa, MasterCard, American Express, JCB and Discover).
The goal of PCI-DSS compliance is to ensure that payments are transmitted securely and that sensitive cardholder data is stored and handled safely.
We, as a software development company, would like to tell you how we handle our clients' requests to build websites and software that process payments online.
Note: this blog post should not, in any case, be considered legal advice. We are describing our own experience only.
In any case, the customers of your e-commerce company rely on your ability to protect their data. In most cases this is vital for their protection and, by extension, for the stable operation of your business.
We prepared this guide to explain the goals and requirements of PCI compliance, best practices for securing e-commerce websites, and tactics to combat threats against online stores.
What is PCI Compliance?
The PCI Data Security Standard (PCI DSS) includes general practices, such as restricting access to cardholder information and requiring strong, non-default passwords, as well as more in-depth practices such as encryption and the use of a firewall.
The PCI Security Standards Council is a global organization formed by major credit card companies, including Visa, Mastercard, Discover, and American Express.
If you operate an e-commerce site, PCI compliance is mandatory. It does not depend on your transaction volume, nor is it limited to businesses that store, transmit, or process card data themselves; it applies to any business that accepts credit card payments.
With PCI, everything is about reducing the attack surface. For an e-commerce site, this specifically means the Card Data Environment (CDE), i.e. the way you handle credit card data on your site. Even if you use third-party services such as Stripe, Recurly, PayPal, or another secure payment provider, you are still obliged to follow the requirements set forth by PCI DSS.