What merchants don’t know about the technical side of protecting customer data can be costly.
The Payment Card Industry Data Security Standard (PCI DSS) describes 12 system and procedural requirements for securing customer credit card data that is transmitted, processed, or stored by an online merchant.
In order to accept credit cards as a form of online payment, merchants are expected to comply with the PCI DSS standard. In an effort to meet this requirement, online stores dutifully encrypt data transmissions with a secure socket layer (SSL) or even extended validation SSL, which is great, and implement a policy of not storing credit card data, which is also important. What is often overlooked, however, is that an online store is responsible for every credit card number that passes through (touches, if you will) its web servers.
So, some stores are failing to comply simply by not recognizing that some credit card data may be in log files or could have been hacked during the transaction, even if the merchant did not realize that his or her website was handling that number.
While you don’t need to be a web developer to understand PCI DSS, it can help to be familiar with the technical side of PCI DSS to ensure that your business is doing all that it can and should do to protect customer credit card data.
This Webinar Can Help
On February 25, 2010, Ecommerce Developer, the companion site to Practical eCommerce, will host a free webinar describing the technical side of PCI DSS and explaining some of the things that web developers and merchants can do to not only protect customer data but also pass the responsibility for that customer data on to a third party specializing in PCI compliance. We invite you to attend.