PCI Compliance for E-commerce

All online retailers that accept credit card
payments need to be compliant with the
Payment Card Industry Data Security
Standard (PCI DSS)

Talk to us today

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a joint initiative developed by the major

credit card brands including Visa, MasterCard, American Express, Discover, and JCB. The standard

is a response to the increase in online card theft and fraud. The ability of criminals and fraudsters to

monetize stolen cards is well established and can seriously impact your business. The standard

outlines security requirements for companies that accept, transmit, and store cardholder data.

The standard mandates 12 core requirements including demonstrating a minimum of

security management, policies, procedures, network architecture, software design, and other

critical protective measures so business can proactively protect customer account data.

Online retailers are responsible to ensure that payment card data is protected, even if payment processing is outsourced. All online retailers that accept cards for payment purposes, need to achieve, maintain, and prove compliance on an ongoing basis.

Determining your merchant level

The complexity, time, and cost associated with achieving compliance vary according to the merchant level. Each merchant level sets out how compliance with the standard is assessed and reported on.

Currently 4 merchant levels may apply:

Level 1: More than 6 Million Transactions per annum
Level 2: Between 1 and 6 Million transactions per annum
Level 3: Between 20,000 and 1 Million transactions per annum
Level 4: All other merchants.

(Note: Levels are set by the card brands and may vary)

Determining the right SAQ

A Self Assessment Questionnaire (SAQ) is a validation tool to assist merchants and service providers in demonstrating their compliance.

There are 3 SAQs that may apply to online retailers:

SAQ A

This SAQ applies to online retailers who have their website entirely hosted and managed by a PCI-compliant payment processor, or who provide an iframe or URL that redirects a consumer to a PCI-compliant payment processor.

SAQ A-EP

This SAQ is required if the merchant website provides an iframe or URL that redirects a consumer to a PCI-compliant, third-party payment processor while maintaining website elements (such as CSS or JavaScript).

SAQ D

This SAQ applies when an online merchant stores credit card data, or originates payment pages from within a website.

Need help determining your merchant level or SAQ?

Talk to us today

If a breach occurs whilst a merchant is non-compliant, the credit card providers can issue fines. The merchant may be forced to cover chargebacks and may lose the privilege of processing credit cards. The merchant also risks escalation into a higher tier with all the costs associated with those levels and which run into the tens of thousands.

Benefits of being PCI Compliant

The PCI standard has positive implications that go well beyond the avoidance of fines. Benefits Include:

Providing a security framework that helps secure your website and lessen the likelihood of being hacked.
Helping to avoid costly down time and damage to reputation that may be caused by a breach.
Maintaining an online retailer’s privilege of accepting credit card payments and preserving the core of the online shopping experience
Avoiding hefty fines and rigorous compliance requirements.
Maintaining consumer trust and reputation

Getting started with PCI Compliance

Getting started with PCI DSS compliance can be overwhelming. The documentation is extensive and navigating through all the requirements can be daunting for the novice or without having the necessary expertise on hand.

Shearwater can help you map your infrastructure and processes against PCI requirements and fill the gaps. We start with a pre-assessment that outlines the simplest and most cost effective route to compliance.

FREE, No Obligation, Consultation

Talk to us today!

Call us on 1300 228 872 or submit the form below

PCI Compliance for E-commerce

What is PCI DSS?

Online retailers are responsible to ensure that payment card data is protected, even if payment processing is outsourced. All online retailers that accept cards for payment purposes, need to achieve, maintain, and prove compliance on an ongoing basis.

Determining your merchant level

Determining the right SAQ

SAQ A

SAQ A-EP

SAQ D

Need help determining your merchant level or SAQ?

Benefits of being PCI Compliant

Getting started with PCI Compliance

Compliance

Penetration Testing

Managed Services

Phishing Prevention

Company

Subscribe to Our Security Updates

Search for products or services