PCI DSS and Security Audits


Omigosh, what we’ve been going through this week with a client whose merchant bank is requiring her to have quarterly security audits.  These security audits are part of the Payment Card Industry Data Security Standard (PCI DSS), the rules the major card brands adopted jointly (the PCI Security Standards Council that now maintains them was formed in 2006) to better ensure that card transactions are handled securely.

It’s been a real drag trying to get her web host (not me) to modify some settings on their server to become PCI compliant.

I’m not sure why this client, whose website went live just last month, was chosen when I have other clients who’ve been online for 9 years that aren’t required (yet) to do these audits.

But the point of this posting is not to whine; it’s to alert you that if you have an online store, your merchant bank/processor will, at some point, require you to fill out the Self-Assessment Questionnaire (SAQ) and have your site scanned quarterly by an Approved Scanning Vendor (ASV).

And if you’re considering changing shopping carts, I recommend getting something like aspDotNetStorefront or AbleCommerce, which are validated payment applications recognized by Visa/MC/etc. It’s not cheap, but at least the cart itself won’t be the reason you fail an audit; your server configuration and how you handle card data still have to pass. A less expensive cart like PDShopPro can also pass as long as you use a payment gateway to process charges, so that the card number is handed to the gateway and never stored on your server.

And, as I’ve said before, if you aren’t deleting orders from your cart after you’ve printed them, you should. You can leave the customer’s name and login information, but anything related to their credit card (the full card number, the expiry date and the security code) should be gone once you’ve processed the order. The security code (CVV) must not be kept at all once the charge has been authorized, and if you need to reference the card later, keep at most the last four digits.

That is so important and it is your sole responsibility. Not mine. Yours.
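As an added example (not code from this post, and not from any of the carts named above), here is a small Python script that does what the last two paragraphs ask for against a hypothetical `orders` table: it nulls the security code everywhere, masks the card number and clears the expiry on processed orders, masks any Luhn-valid card number that leaked into the free-text notes field, and then audits the table for anything that still looks like a card number. The table layout, column names and rows are constructed for the example; the card numbers are the standard public test numbers.

```python
"""Purge and audit stored cardholder data in a shopping-cart order table.

Added example, not the post's or any cart vendor's code. The `orders`
table below is a hypothetical stand-in for whatever your cart uses.
"""
import re
import sqlite3

# A run of 13-19 digits, optionally separated by spaces or dashes, that is
# not part of a longer digit string. Order refs, phone numbers and dates
# are shorter, so they never match.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if `digits` passes the Luhn check digit test."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return the Luhn-valid card numbers (digits only) found in `text`."""
    if text is None:
        return []
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, which PCI DSS allows you to display."""
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_text(text):
    """Mask every Luhn-valid card number inside a free-text field."""
    if text is None:
        return None

    def _mask(m):
        digits = re.sub(r"\D", "", m.group())
        return mask_pan(digits) if luhn_ok(digits) else m.group()

    return PAN_RE.sub(_mask, text)


# Constructed sample rows; the card numbers are public test numbers.
SAMPLE_ORDERS = [
    (1, "Alice", "4111111111111111", "12/26", "123",
     "Customer phoned; card 4111-1111-1111-1111 was declined once", "processed"),
    (2, "Bob", "5555555555554444", "01/27", "456", "Gift wrap requested", "processed"),
    (3, "Carol", "378282246310005", "06/25", "789",
     "Phone 555-123-4567, order ref 100200300", "pending"),
]

TEXT_COLUMNS = ("customer_name", "card_number", "card_expiry", "card_cvv", "notes")


def build_sample_db():
    """Create an in-memory SQLite database with the hypothetical orders table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE orders (
        id INTEGER PRIMARY KEY, customer_name TEXT, card_number TEXT,
        card_expiry TEXT, card_cvv TEXT, notes TEXT, status TEXT)""")
    conn.executemany("INSERT INTO orders VALUES (?,?,?,?,?,?,?)", SAMPLE_ORDERS)
    conn.commit()
    return conn


def purge_cardholder_data(conn) -> int:
    """Strip card data from processed orders; returns how many were purged."""
    # The security code is sensitive authentication data: never retain it.
    conn.execute("UPDATE orders SET card_cvv = NULL")
    rows = conn.execute(
        "SELECT id, card_number, notes FROM orders WHERE status = 'processed'").fetchall()
    for order_id, pan, notes in rows:
        masked = mask_pan(re.sub(r"\D", "", pan)) if pan else None
        conn.execute(
            "UPDATE orders SET card_number = ?, card_expiry = NULL, notes = ? WHERE id = ?",
            (masked, mask_text(notes), order_id))
    conn.commit()
    return len(rows)


def audit_remaining(conn):
    """List (order id, column) pairs that still hold a Luhn-valid card number."""
    hits = []
    query = "SELECT id, " + ", ".join(TEXT_COLUMNS) + " FROM orders ORDER BY id"
    for order_id, *values in conn.execute(query):
        for col, value in zip(TEXT_COLUMNS, values):
            if find_pans(value):
                hits.append((order_id, col))
    return hits


if __name__ == "__main__":
    conn = build_sample_db()
    print("before:", audit_remaining(conn))
    print("purged", purge_cardholder_data(conn), "processed orders")
    print("after:", audit_remaining(conn))
```

The audit step is the part worth keeping around: run it against every text column (and your web-server logs) on a schedule, because the card number that fails your scan is rarely in the column you expected. Only the pending order keeps its card number, and only until it is processed.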

Happy Thanksgiving!