PCI compliance is becoming extremely important. Mastercard has apparently raised the bar for PCI compliance once again. On June 15th, it announced that Level 2 merchants (those processing between one and three million transactions annually) will now have to undergo an annual onsite assessment for PCI compliance. Previously, these merchants were only required to complete the PCI DSS Self-Assessment Questionnaire (SAQ). For more information, please see PCICompliance.org.
The onsite assessment, which must be performed by a PCI Qualified Security Assessor (QSA), validates compliance with the twelve requirements set forth in the Payment Card Industry Data Security Standard. The PCI DSS requirements are designed to tighten the controls around cardholder data and reduce its exposure to compromise.
As we understand it, as long as you use a Payment Gateway and never store the credit card details on your own server, you are in line with the PCI rules, and the audit should be a straightforward task. If you have opted to store the sensitive credit card data (especially the CVV) on your server, that is another story entirely. The best way to comply, therefore, is to use a trusted Payment Gateway.