PCI Vulnerability Standards

PCI vulnerability standards, otherwise known as PCI DSS (Payment Card Industry Data Security Standards), are a long list of requirements that businesses of all sizes are required to follow if they accept or store credit cards. This probably includes most businesses, as most businesses accept debit, credit and prepaid cards. If you are an online business owner, you are probably aware of the additional burden placed on your business since 2006. Research shows that merchants have collectively spent more than $1 billion on PCI compliance to keep their businesses secure. This can seem completely overwhelming, as the people, money and time that you’d rather dedicate to your customers will instead be spent generating, applying and managing what you need to stay compliant. There are many companies out there that can help you with your compliance, and you shouldn’t hesitate to check them out. It can save you some time and money.

In short, the function of the PCI vulnerability standards is to create as secure an environment as possible for you to process credit cards. The PCI council has broken it down into 12 main security requirements that all merchants are supposed to strive for in order to be truly PCI compliant. However, the extent to which the 12 requirements need to be met depends on the number of transactions that a company processes in a year, separated into 4 levels.

PCI scanning is another important part of the PCI vulnerability standards and PCI compliance. You may also have heard it called vulnerability scanning. This is when you have an approved scanning vendor (ASV) scan every publicly accessible IP address that has to do with your website or the transaction process. This typically includes your website’s IP address; however, if you transfer your customers to a third-party shopping cart hosted by your shopping cart provider during the checkout process, then you should include their IP address to be scanned as well.

In short, the PCI vulnerability standards are one of the most important parts of any business these days.  Penalties for not complying can be severe, including enormous fines or possibly the merchant’s loss of the ability to accept credit card payments. So don’t take it lightly.  Besides, when you are in compliance, your customers will know that you have taken the extra steps needed to make your website and business safe, which will result in more sales for you.

