In order to accept credit or debit card payments, you must follow standardized security rules set out by the Payment Card Industry (PCI) Security Standards Council (https://www.pcisecuritystandards.org).
By complying with these security standards, you will be certified as a PCI compliant merchant. This designation means you commit to protecting cardholder data, thereby reducing the risk of credit card fraud or data loss.
To be PCI compliant, you must pass quarterly vulnerability scans and complete a security self-assessment questionnaire. You must also adhere to the specific data security requirements set by the PCI Security Standards Council.
Your exact requirements will depend on the size of your business, but include standards for:
- Network security
- Day-to-day business practices
- Secure backup
- Data storage and disposal
- Credit card number encryption
- Commerce software and hardware
For more details and full requirements, please visit these links:
The PCI Security Standards Council website: https://www.pcisecuritystandards.org
PCI Compliance Guide: http://www.pcicomplianceguide.org
Please note: HostPapa is certified as a PCI compliant ecommerce merchant; however, it is the responsibility of each ecommerce website owner and operator to be PCI compliant.
See also: Why you must be PCI compliant
The above article includes information on how to sell merchandise without being PCI compliant, by using a third-party payment processing service such as PayPal.