PCI (Payment Card Industry) compliance applies to all organizations and merchants regardless of size or number of transactions. In place since 2005, it protects credit card data from hacking and fraud. You can view the standards here. One card provider, Visa, categorizes merchants into four levels based on transaction volume over a 12-month period.
- Merchant Level 1 – processing over $6m/year
- Merchant Level 2 – processing $1–6 million/year
- Merchant Level 3 – processing 20,000 to 1 million/year
- Merchant Level 4 – processing fewer than 20,000 e-commerce transactions per year and up to $1m/year
Any merchant that has been hacked and account data compromised may be escalated to a higher validation level.
The best way to protect yourself is to not store any cardholder data.
Questions you need to ask your hosting provider:
- When do I need to file?
- What forms do I need to fill in?
- Will you send me reminders?
- What information do you provide me?
The fines for non-compliance or confirmed security breaches vary according to the payment card provider. Fines are hefty and best avoided. For more information, read the PCI-DSS comprehensive guide.
Other Posts by Jacob Smith:
- Plugins to ensure security during payment processing on your WordPress site
- Security Tips for Your WordPress Website
- Taking payments online – when to upgrade from a personal PayPal account?
- Why PayPal Falls Short When Pitted Against a Real-Time Payment Solution
- Crack Open This Geode – and Find Your Credit Cards are Stored Inside!