PCI Compliance for E-commerce
All online retailers that accept credit card payments need to be
compliant with the Payment Card Industry Data Security Standard (PCI DSS).
Online retailers are responsible to ensure that payment card data is protected, even if payment processing is outsourced. All online retailers that accept cards for payment purposes, need to achieve, maintain, and prove compliance on an ongoing basis.
Determining your merchant level
The complexity, time, and cost associated with achieving compliance vary according to the merchant level. Each merchant level sets out how compliance with the standard is assessed and reported on.
Currently 4 merchant levels may apply:
- Level 1: More than 6 Million Transactions per annum
- Level 2: Between 1 and 6 Million transactions per annum
- Level 3: Between 20,000 and 1 Million transactions per annum
- Level 4: All other merchants.
(Note: Levels are set by the card brands and may vary)
Determining the right SAQ
A Self Assessment Questionnaire (SAQ) is a validation tool to assist merchants
and service providers in demonstrating their compliance.
There are 3 SAQs that may apply to online retailers:
SAQ A
This SAQ applies to online retailers who have their website entirely hosted and managed by a PCI-compliant payment processor, or who provide an iframe or URL that redirects a consumer to a PCI-compliant payment processor.
SAQ-EP
This SAQ is required if the merchant website provides an iframe or URL that redirects a consumer to a PCI-compliant, third-party payment processor while maintaining website elements (such as CSS or JavaScript).
SAQ D
This SAQ applies when an online merchant stores credit card data, or originates payment pages from within a website.
Need help determining your merchant level or SAQ?
If a breach occurs whilst a merchant is non-compliant, the credit card providers can issue fines. The merchant may be forced to cover chargebacks and may lose the privilege of processing credit cards. The merchant also risks escalation into a higher tier with all the costs associated with those levels and which run into the tens of thousands.
Benefits of being PCI Compliant
The PCI standard has positive implications that go well beyond the avoidance of fines. Benefits Include:
- Providing a security framework that helps secure your website and lessen the likelihood of being hacked.
- Helping to avoid costly down time and damage to reputation that may be caused by a breach.
- Maintaining an online retailer’s privilege of accepting credit card payments and preserving the core of the online shopping experience
- Avoiding hefty fines and rigorous compliance requirements.
- Maintaining consumer trust and reputation
Getting started with PCI Compliance
Getting started with PCI DSS compliance can be overwhelming. The documentation is
extensive and navigating through all the requirements can be daunting for
the novice or without having the necessary expertise on hand.
Shearwater can help you map your infrastructure and processes against PCI
requirements and fill the gaps. We start with a pre-assessment that outlines
the simplest and most cost effective route to compliance.
FREE, No Obligation, Consultation
Talk to us today!
Call us on 1300 228 872 or submit the form below