Customer profile data breaches have become common nowadays. Even very big players in the retail segment, like Target, have been victims of this kind of attack. Most e-commerce retailers now store customers' credit card information in their databases along with other profile data such as shipping/billing address, date of birth, telephone number, etc.
It is essential for e-commerce store owners who accept credit cards as one of their payment methods to make sure that their store is PCI compliant.
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. (Source: Wikipedia)
To achieve PCI compliance, an e-commerce store has to satisfy 12 requirements defined by the Payment Card Industry Security Standards Council.
PCI DSS Requirements
| Control Objective | Requirement |
|---|---|
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect cardholder data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored cardholder data |
| | 4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software on all systems commonly affected by malware |
| | 6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need-to-know |
| | 8. Assign a unique ID to each person with computer access |
| | 9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security |
Not an issue any more!
If an e-commerce store's business model requires saving customers' credit card details to complete the order processing steps, then PCI compliance is essential, but the cost involved in setting up a system that meets all the requirements of PCI compliance is very high.
Not an Issue!!! We have Magento and its extensions to reduce your PCI compliance cost.
Magento supports integration with various third-party credit card processors like Cybersource (they are PCI compliant, by the way!). E-commerce store owners just need to purchase and install the Magento extension, configure it, and pay for the processor's services, which obviously costs much less than setting up the system themselves.
Now is the right time to understand the importance of PCI compliance. Feel free to talk to one of our experts. Commerce Bees will make sure that your e-commerce store is PCI compliant with the help of Magento extensions.