My Merchant Account Blog

PCI Compliancy is an Ongoing Process

Tuesday, June 19, 2007
Once you are PCI (Payment Card Industry) compliant, you should stay PCI compliant. Usually, you rely on your electronic payment gateway (Linkpoint, Payflow, Authorize.net/Cybersource, etc.) or your IPSP (Internet payment service provider) to stay PCI compliant. PCI is a standard that the card associations (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) created to help implement and maintain security standards for cardholder data.

Visa regularly updates the list of processors and companies that are PCI compliant. For example, Aplus.net and iTransact allowed their PCI compliancy to lapse on May 31, 2006, and Cybersource allowed its PCI compliancy to lapse on June 30, 2006. Aplus.net is a web hosting provider that offers e-commerce solutions, so if you are relying on its network to be compliant, you might be liable for any breach. Cybersource is an electronic payment gateway that is used by thousands of merchants. Allowing its compliancy to expire, even for a few days, should be unacceptable to merchants and customers who rely on its system to securely process transactions. Of course, these companies might just be late in reporting to Visa that they are PCI compliant.

Google Checkout

Another company that has allowed its status to lapse is Google Checkout. It allowed its PCI compliancy to expire on February 28, 2006. Consumers, your credit card data might not be as secure as you would like to think. Even though Google is a large corporation, there is no excuse for not complying with the standards set forth by the card associations. As with Aplus.net, iTransact, and Cybersource, Google might just be late in reporting its status to Visa.

Remember, it is your responsibility, as a merchant, to ensure that the provider you are using is compliant with the security standards.  If a service provider has allowed their PCI compliancy to lapse, you might consider contacting them to check on the status or switching to a provider that is compliant. 

All payment gateways are required to have an on-site security audit annually and a network scan quarterly.


Comments

Greg said...

I admire your unselfishness in taking the time to make this web site.

7/13/2009

George said...

Great post!

7/17/2009
