Once you start the process of getting a merchant account so your business has the ability to charge credit cards, you will hear the term PCI Compliance. PCI stands for Payment Card Industry, which has its own set of rules that ecommerce websites must follow to be able to charge credit cards.
Unfortunately, the Payment Card Industry holds all the power and your website will comply with their standards or you won’t be able to charge credit cards on your online store.
The following are the twelve steps you need to take with your website to make sure that you comply with all regulations. Having this list in hand early can save you time and headaches, instead of having the merchant credit card processing company tell you that you need them.
12 Steps to be PCI Compliant and Process Credit Cards
- Firewall: you will need a firewall in place that protects cardholder data
- Passwords: all passwords must be changed to unique phrases, and no default software passwords may remain in use
- Stored info: wherever you store cardholder data, it must be protected from hackers
- Encryption: you will need an SSL certificate, which encrypts the data while it is being transmitted
- Anti-Virus: you will need to have, and keep updated, anti-virus software
- Secure system: your entire system needs to be maintained and updated
- Restrict access: cardholder data must only be visible to those who have been granted restricted access
- Physical access: there can be no physical access to credit card holders’ information
- ID: each order and customer needs to have a unique identifying number
- Monitor: your network needs to be monitored so you know who has accessed the card holder’s information
- Testing: you must have a protocol in place that regularly tests security systems
- Policy: your policy on how you use cardholder information has to be visible on your website, usually placed in the footer