In short, the function of the PCI vulnerability standards is to create as secure of an environment as possible for you to process credit cards. The PCI council has broken it down into 12 main security requirements that all merchants are supposed to strive for in order to be truly PCI compliant. However, the extents to which the 12 requirements need to be met depend on the number of transactions that a company processes in a year, which are separated into 4 levels.

PCI scanning is another important part of the PCI vulnerability standards and PCI compliance.  You may also have heard it called Vulnerability Scanning.  This is when you have an approved scanning vendor (ASV) scan any and all IP addresses that the public has access to that have to do with your website or the transaction process. This typically includes your websites IP address; however, if you transfer your customers to a third-party shopping cart hosted by your shopping cart provider during the checkout process, then you should include their IP address to be scanned as well.

In short, the PCI vulnerability standards are one of the most important parts of any business these days.  Penalties for not complying can be severe, including enormous fines or possibly the merchant’s loss of the ability to accept credit card payments. So don’t take it lightly.  Besides, when you are in compliance, your customers will know that you have taken the extra steps needed to make your website and business safe, which will result in more sales for you.

Anti-virus Software:  This is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware. This can be purchased or downloaded via the internet.  Special care should be taken when choosing your anti-virus software, as some programs are not effective as others.

Manage Your Website Over Encrypted Connections: Make it a habit to use proven encrypted protocols like SSH to securely access resources and transmit data. When registering new customers for your site, always use maximum encryption.  You must give your customers a guarantee that you won’t share their data with any third parties.

Verify That Your Website Is  A “Legitimate” Business – Display Trust Marks: Some things that a website should included that show security and trust, are a privacy policy, terms of use, refund policy, testimonials, FAQ/sales support section, digital certificate/data security page, copyright statement on every page, well written “about us” page, and address and phone number contact page.  Also, display trust marks or trust seals on your website showing that the site has been verified by a third party. It is important for your customers to know that your website is legitimate and can be trusted.

Have current vulnerability assessments and PCI scanning performed: You should have your website scanned by an approved scanning vendor at least quarterly, but preferably daily.  This is important to do, so that any vulnerabilities that are found on your website can be corrected quickly and you won’t suffer any security breaches or downtime, which means lost sales.

Be Proactive and Keep Your Website Updated With New and Changing Security Solutions: Even the most well maintained and antivirus solutions packed into a small business website can have a problem or two from time to time.  Protect important information by hosting data backup systems.  Keeping your business website secure requires a certain degree of diligence. You may even want to consider hiring a company to help you.

These are just a few of the most important website security measures to get you started.  There are more you should think about. Some of these tips make seem like commonsense, but you would be surprised at how many small business owners neglect some or all of them, if for no other reason than just because they are so tied up in the other business priorities.  Just remember it is super important.  Hopefully this checklist helps.