Are You Storing Credit Card Information on Your Website?

If you are, are you PCI compliant? If you’re not sure or you don’t know what I am talking about, I strongly urge you to give someone a call who understands website security. I can be reached at 920-651-1376 to answer questions for you.

The Payment Card Industry (PCI) compliance standards are not laws; they are contractual obligations with credit card companies. Credit card companies may enforce stiff fines (as high as five figures) and revocation of card processing privileges for organizations that don’t comply.

If you store credit card information in your server, then it is your responsibility to comply with PCI standards. Becoming PCI compliant is a very costly and lengthy process. The average small business can’t afford to be doing this, yet through my website consulting career, I’ve seen, and continue to run into people who setup shopping carts that are storing credit card numbers on their website. I have also seen sites that ask for secure information which gets emailed (without encryption) and forms asking for information that were not encrypted with a secure SSL certificate.

Bottom line - If you are not properly setup to take credit card information online, you are exposing yourself to a lot of liability. Not just from the credit card companies, but from lawsuits and the Federal Trade Commission, who is also cracking down on organizations that accept, capture, store, transmit or process personal information. Your website is visible by the public and may be a target for hackers. Why would you assume the liability of storing secure information on your website?

For shopping carts you want to setup a secure (SSL) certificate and interface with a payment gateway such as Authorize.net or PayFlow Pro. The payment gateway will securely process the credit cards and they are PCI compliant.

You can contact Mike Pulvermacher at (920) 651-1376 for more information.

Mike Pulvermacher is the President/Founder of eBizResults, LLC, 1000 Oregon Street Suite A, Oshkosh (eBizResults.com). His team provides a variety of services including, website planning, development, marketing, hosting, database application programming, search engine optimization and seminars.