Yes, all merchants accepting credit card transactions must be PCI compliant. PCI compliance refers to the security standards set out by the card payment providers (PCI council) like Visa and MasterCard. All merchants, shopping cart providers and payment gateways must adhere to. Not complying is like driving your car without insurance – not recommended as the results can be dire if something goes wrong.
The part we play in helping your business attain and maintain PCI compliance is the following:
- We keep our servers in a PCI DSS compliant state and have this externally audited every quarter by internationally recognised security authority, Comodo. We have a quarterly certificate issued by this provider to attest to our compliance.
- Scanning is only one part of compliance: we also adhere to PCI DSS rules and best practices for security (e.g. password lengths, not writing down credit card information, destroying secure and private information, having a privacy policy and physical security measures etc).
Your business procedures determine the rest of your compliance status.
A common misconception about PCI compliance is that you don’t need to worry about it unless you are accepting credit cards directly in to your website but this is not correct. PCI compliance is about the whole of your business processes and not just the checkout of your site.