March 30 2010

PCI Compliance Deadline – July 1, 2010


PCI (payment card industry) compliance will be mandatory, and the deadline for all merchants and processors to be PCI compliant is July 1, 2010.  PCI compliance is required if you are receiving, storing or processing the Primary Account Number (PAN) or the main credit card number of the customer, which is usually no longer than 19 and no less than 16 digits in length.  In addition, a merchant or acquirer must remember that if a PAN is being stored or processed, the other information such as CVV/CVC and card holder information must be protected as well.

A common misconception is that PCI Compliance is a law; it is not a law yet. It is a security standard set by the five major credit card companies: Visa, MC, Amex, Discover and JCB. The official name for the group is the PCI Security Standards Council. Prior to the council's formation, each credit card company had its own set of security standards; now, with the five credit card companies united as the PCI SSC, there is one set of security standards instead of five.

There are 4 different merchant levels along with requirements for PCI DSS Compliance:

Level 1 – a merchant that transacts over 6,000,000 per year.  The merchant will be required to bring an assessor on-site called a QSA to evaluate the security and create an in-depth report on compliance.  Quarterly PCI Scans will also be mandatory.

Level 2 – a merchant that transacts between 1,000,000 – 6,000,000 per year. Instead of a full report on compliance, the PCI Council will allow Level 2 merchants to complete a PCI Self-Assessment Questionnaire (SAQ). Quarterly PCI Scans are mandatory. Level 2 merchants will also need to complete a one-page document that states that they don’t store certain card data information on file.

Level 3 – a merchant that transacts between 20,000 – 1,000,000 per year.  In place of a full report on compliance, the PCI Council will allow Level 3 merchants to complete a Self-Assessment Questionnaire (SAQ).  Quarterly PCI Scans are also required.

Level 4 – a merchant that does between 1 and 20,000 transactions a year.  Instead of a full Report On Compliance, the PCI Council will allow Level 4 merchants to complete a Self-Assessment Questionnaire (SAQ).  Quarterly PCI Scans are mandatory.

If you are a merchant that does not understand what PCI compliance means to you, check with your merchant service provider or website programmer so they can guide you through what you will need to do to become PCI compliant before July 1st.

January 12 2009

Safe and Secure Online Payments


Approximately 85% of online shoppers are concerned with their security, as well they should be. Credit card fraud and identity theft are at an all-time high following the explosion of credit card transactions made through the Internet. This is why it is extremely important for online retailers and businesses to gain the trust of customers, helping them to believe in the security of your eCommerce system. According to recent research by TNS, 65% of purchases are lost when the customer reaches the check-out area. This is largely due to doubt in the security of the credit card form, which can be avoided by making sure your website displays proper security measures.

Many eCommerce-savvy shoppers have learned to look for certain signs of security before entering their credit card information. Some of the most typical security signs are “https” and the padlock graphic found in the URL of the website. The padlock graphic is a VeriSign Secured Seal, one of many companies providing secure transactions online. Almost four out of five Americans recognize the VeriSign Secured Seal, making it an extremely effective security mark. Newer browsers make it possible for authenticated certificates to be detected, displaying the address bar in green. However, most people do not have this feature to help them along and are looking for other signs.

Most reputable companies providing online transaction security utilize SSL technology. SSL, or Secure Sockets Layer, is a military grade encryption that protects customer credit card information as it is transferred on the Internet. This type of information encryption authenticates identity information in association with the credit card data by an authority, verifying the identity of the owner of that certificate. Though SSL is not a required element for shopping cart security, it certainly shows your commitment to the level of security customers will experience.

The use of these online security measures not only provides protection, it also helps to demonstrate the authenticity of your business. Some customers may still be wary of entering their credit card information online, but the demonstration of such security measures may help them in deciding to make a transaction over the phone, or perhaps contact you for further information. Online retailers see an increase in sales of ten percent on average after installing some form of security system on the payment pages of their website. This should be a sign to retailers that customers are really looking for ways to make sure their credit card information is safe. Earn the trust of online shoppers by providing the professional security people want.

Merchant accounts make it possible for businesses to provide credit card processing for card present and card-not-present transactions. For more information on credit card processing visit http://www.stradafee.com