PCI DSS and Security Audits
Omigosh, what we've been going through this week with one dear client whose merchant bank is requiring her to have quarterly security audits. These security audits are part of the new rules adopted in 2006 by the credit card company to better ensure that online transactions are secure.
Suffice it to say that it's been a real drag trying to get the hosting company (not me) to explain why some settings on their server are like they are and changing what we can, etc.
I'm not sure why this client, whose website went live just last month, was chosen when I have other clients who've been online for 9 years that aren't required (yet) to do these audits.
But the point of this posting is not simply to whine; rather, it's to alert you that if you have an online store, your merchant bank/processor can require you to do the self-assessment report and get a quarterly audit of your site.
And if you're considering changing shopping carts, I recommend getting something like aspDotNetStorefront, which is a shopping cart approved by Visa/MC/etc. It's not cheap, but at least you know your cart will pass an audit.
And, as I've said before, if you aren't deleting orders from your cart after you've printed them, you should. You can leave the customer's name and login information, but anything related to their credit card should be gone once you've processed the order.
That is so important and it is your sole responsibility. Not mine. Yours.
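As an added illustration of the purge described above (this is example code written for this post, not part of aspDotNetStorefront or any real cart), here is a small routine that scrubs card-related columns from processed orders while leaving the customer's login and e-mail intact, plus the check an auditor would want: a query proving that no processed order still holds card data. The table layout and column names (`orders`, `card_number`, `card_expiry`, `processed`) are assumptions for the example, and the orders are constructed sample rows held in an in-memory SQLite database.

```python
import sqlite3

# Constructed sample orders for a hypothetical cart database.
# Columns: order_id, customer_login, customer_email, card_number, card_expiry, processed
SAMPLE_ORDERS = [
    (1, "alice", "alice@example.com", "4111111111111111", "12/27", 1),  # processed, card data still present
    (2, "bob", "bob@example.com", "5500000000000004", "01/28", 0),      # not yet processed
    (3, "carol", "carol@example.com", None, None, 1),                   # processed, already clean
]


def open_sample_db():
    """Create an in-memory database holding the constructed sample orders."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE orders (
               order_id INTEGER PRIMARY KEY,
               customer_login TEXT,
               customer_email TEXT,
               card_number TEXT,
               card_expiry TEXT,
               processed INTEGER NOT NULL DEFAULT 0
           )"""
    )
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ORDERS)
    conn.commit()
    return conn


def purge_card_data(conn):
    """Null out every card-related column on processed orders.

    Customer login and e-mail are deliberately left alone; only the card
    fields are wiped. Returns the number of rows that were scrubbed.
    """
    cur = conn.execute(
        """UPDATE orders
           SET card_number = NULL, card_expiry = NULL
           WHERE processed = 1
             AND (card_number IS NOT NULL OR card_expiry IS NOT NULL)"""
    )
    conn.commit()
    return cur.rowcount


def residual_card_data(conn):
    """Audit check: how many processed orders still hold any card data.

    This is the number you want to be able to show as 0 on demand.
    """
    (count,) = conn.execute(
        """SELECT COUNT(*) FROM orders
           WHERE processed = 1
             AND (card_number IS NOT NULL OR card_expiry IS NOT NULL)"""
    ).fetchone()
    return count


def customer_login(conn, order_id):
    """Fetch the login kept on an order, to confirm the purge left it intact."""
    row = conn.execute(
        "SELECT customer_login FROM orders WHERE order_id = ?", (order_id,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_sample_db()
    print("before purge, processed orders with card data:", residual_card_data(db))
    print("rows scrubbed:", purge_card_data(db))
    print("after purge, processed orders with card data:", residual_card_data(db))
```

Run the check query on a schedule (or right after the print-and-process step) and keep the result; a zero count is the evidence that the purge is actually happening, not just that it was set up once. Note that the card security code (CVV) is not in this table on purpose: under PCI DSS it may never be stored after authorization, so a cart should not have a column for it at all.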
Happy Thanksgiving!
Labels: merchant, pci dss, security audits