- The Buzz Term "PCI Compliant"
When it became possible to sell items on the Internet, everyone wanted to do it. It became a dream job: work at home while your websites work for you all the time, taking money and dropping it into your bank account. It was happening, but the horror stories started to erupt. Identity theft has been traced to charging on the Internet. This scares buyers away from shopping at their computers, and they prefer the real storefront.
Many people believe that it is unsafe to buy or put their credit cards online, and justifiably so, although this should be, and can be, the safest way to buy. If a site is set up properly, your clients are at no risk. But unfortunately there are a lot of overlooked holes that websites fall into because people trusted their developers to know how to avoid the risks. If you are an online merchant, you have heard the buzz phrase, “PCI compliant.” Is your site PCI compliant and does it have to be?
If you go to https://www.pcisecuritystandards.org/ you can read about what this means for your site's security and what you need to take into account when taking money. If you're using PayPal, it is compliant, but who is taking the credit card number? Is your site taking the number and sending it to PayPal, or is your site allowing PayPal to take the number?
PayPal is a third party for website transactions. It has an easy method to set up a merchant account, but from the programmer's point of view, it is not a user-friendly solution. There are others that work better and are PCI compliant. These are third-party sites that offer features which allow a programmer to customize your site to meet your business needs. A favorite is authorize.net. If you use authorize.net, to what extent are you following along with the compliancy?
- Does hosting for a shopping cart on a site have to be PCI Compliant?
If you have a shopping cart on your website or are thinking of having one, you may have heard about the required PCI Compliancy (as of 2004). This is a security requirement preventing hackers from accessing your forms and data comprising your customers’ ID. Hackers can get to your databases if security isn’t high, and if you stored credit card numbers, hackers can get to them unless you have a PCI Compliant server. Even if you take credit card numbers on your site and do not store them, a hacker can monitor this process if your server is not PCI compliant.
Keep in mind, your website hosting has to be PCI compliant ONLY if you take credit card numbers on your site. This is true especially if you feel the need to store credit card numbers. This is a risk you do not have to take. When you have PCI compliant hosting, it means you need a whole server (computer) to yourself. Hosting is renting space on a computer that is dedicated to the Internet. It is best to use a company that specializes in hosting. They have backup systems for content as well as power supplies. If your area experiences a storm, you should avoid downtime with most hosting companies as they have a backup plan.
If you are a small company and want to have a shopping cart but cannot afford the PCI Compliant hosting, there is a way to get around this and still be safe. Most hosting that a small company pays for can do the job for about $20 a month. If you rent a dedicated server, the difference is a much larger monthly fee. Your company can still be held accountable for any misuse of a credit card.
The safest way to take credit cards is to not do it on your site.
Even if your programmer says you are not doing it, if it appears that you are taking them on your site, be skeptical. The safest way is to not store any of your customer's data on your site. Every time they order, they should refill out the data as if it was their first time. This means you do not require a login to your site. When it comes to putting in a credit card, they are redirected to authorize.net or PayPal.
The address clearly shows this.
If you go to http://transnetmedia.com/payonline.php, put in an amount and follow it through without putting in your credit card number, you will see it goes to authorize.net with transNET Media ® LLC’s name on it. Your site can add up the amount and even transfer the details of what was purchased to authorize.net. It will then send the merchant a notice to fill the order and the recipient will get a receipt.
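One way to check whether a checkout page takes the card number itself or hands the customer off to the processor is to scan its HTML for card-number fields and see where each form submits. The script below is an added example, not code from this site, authorize.net or PayPal; the host names, field-name heuristic and sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Heuristic (assumption): field names/ids/autocomplete tokens that suggest card data.
CARD_HINT = re.compile(r"cc-?(number|num|csc|exp)|card[-_ ]?(number|num|no)|cvv|cvc", re.I)

class FormAudit(HTMLParser):
    """Collect, for each <form>, its submit host and any card-like inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._cur = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or relative action submits back to the merchant's own site.
            action = urljoin(self.page_url, a.get("action") or "")
            self._cur = {"host": urlparse(action).hostname, "card_fields": []}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            label = " ".join(filter(None, (a.get("name"), a.get("id"), a.get("autocomplete"))))
            if CARD_HINT.search(label):
                self._cur["card_fields"].append(a.get("name") or a.get("id") or "(unnamed)")

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit(page_url, html):
    """Return (finding, submit_host, card_fields) for each form worth a look."""
    parser = FormAudit(page_url)
    parser.feed(html)
    site = urlparse(page_url).hostname
    findings = []
    for form in parser.forms:
        if form["card_fields"]:      # card data is typed into the merchant's page
            findings.append(("CARD_FIELDS_ON_SITE", form["host"], form["card_fields"]))
        elif form["host"] != site:   # only order details leave; card is entered elsewhere
            findings.append(("HANDOFF_TO_PROCESSOR", form["host"], []))
    return findings

# Constructed sample pages (hypothetical hosts shop.example / pay.processor.example).
ON_SITE = '<form action="/charge.php"><input name="card_number"><input name="cvv"></form>'
HANDOFF = ('<form action="https://pay.processor.example/hosted">'
           '<input name="amount"><input name="description"></form>')

if __name__ == "__main__":
    for page in (ON_SITE, HANDOFF):
        print(audit("https://shop.example/checkout.php", page))
```

A form is flagged `CARD_FIELDS_ON_SITE` even when it submits straight to the processor, because the card number is still typed into a page the merchant's server delivered.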
Since the merchant is not taking credit card numbers on his site, PCI compliance is not necessary. Go to authorize.net and check. We can help you make it happen. Go to our contact page and email us or call us.