PCI DSS Compliance
As an online retailer, if you take credit or debit cards as a payment method you should be Payment Card Industry Data Security Standard (PCI DSS) Compliant.
We (View 6) do not have sight of your PCI DSS Compliance, as it is a relationship between you, your PCI DSS Auditor and your Card Issuer/Merchant Bank.
You need to meet PCI DSS compliance regardless of the number of payments, the type of cards you accept or how you take payment online – this includes using Paypal (https://www.paypal.com/uk/webapps/mpp/pci). Your obligation to be PCI DSS Compliant is independent of the platform you use to run your online store i.e. it is not specifically related to Magento, Shopify or any other e-commerce platform. PCI DSS compliance is explained in more detail here: http://www.theukcardsassociation.org.uk/security/what_is_PCI%20DSS.asp
Your Card Issuer or Merchant Bank will have made you aware of the need to be PCI DSS Compliant, and the consequences that you may face should you not be compliant. These include fines, trading costs and other penalties.
You can find out more about why this is important here:
http://www.theukcardsassociation.org.uk/security/PCIDSS_compliance.asp
PCI DSS compliance is the responsibility of the retailer and we strongly urge you to ensure that you are compliant. If you are unsure, or know you are not compliant, please contact your card issuer or Merchant Bank and they will put you in contact with their preferred data security and compliance provider (PCI DSS Auditor).
We (View 6) do not offer PCI DSS Compliance Audits or Services, but we can act on the advice of your PCI DSS Auditor.
How do I know if I am PCI DSS Compliant?
You will be paying for a PCI DSS scan, which may be quarterly. If you have not had a PCI DSS scan in the last 3 months, then you are not compliant!
My web host is PCI DSS Compliant, so I must be?
No. Just because your hosting company has PCI DSS Compliance, it does not mean that you and your business also have PCI DSS Compliance.
What would I be doing regularly if I were PCI DSS Compliant?
Some example steps you will already be taking, if you are maintaining your PCI DSS Compliance, include:
– Your website will be regularly scanned by a PCI DSS Auditor.
– You will be installing all security patches within 1 month of their release.
– You will have completed a PCI DSS Self Assessment form.
– You will never share or re-use password information.
PCI Compliance cannot be ignored; we want to be sure that you understand your obligations regarding this.