The PCI Security Standards Council's PCI DSS 3.0 took effect on January 1, 2014, but merchants were given until January 1, 2015 to meet the new requirements; version 2.0 could still be used for validation through December 31, 2014.
Do you accept credit cards on your website? Your website may be affected by these new regulations.
Under PCI DSS 2.0, rendering your own payment form and having the customer's browser post the cardholder data directly to a PCI-compliant processor (so that the card number never touched your server) was a valid way to keep your website compliant with minimal effort. PCI DSS 3.0 changes this. Even though the card data bypasses your server, your server still delivers the HTML form and the script that collect it, so a compromise of your website can be used to skim card numbers before they reach the processor. Such setups are therefore no longer treated as fully outsourced and must meet substantially more requirements. As we covered in a previous article, obtaining PCI compliance can be quite costly. Depending on the level of compliance a website must meet, it may be necessary to hire a Qualified Security Assessor (QSA) and move to secure, PCI-compliant hosting, which is often several times more expensive.
These new requirements affect a number of popular payment gateway integration methods, such as:
- Authorize.net DPM
- Stripe.com JS post methods
- 2checkout JS Post methods
- Any other provider that uses JavaScript to post cardholder data from your page directly to its servers, or an Authorize.net DPM style setup
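As an added illustration (not part of Savvior's article and not any processor's own code), the script below applies the distinction above to a checkout page's HTML. If your own page renders card-number fields, it is one of the setups listed above, whether the browser posts them straight to the gateway (DPM style) or a script such as Stripe.js sends them; if the fields post back to your own server you are handling cardholder data directly, which is worse still. If card entry happens only inside a processor-hosted iframe, or on a processor page after a redirect, your page renders no card fields at all. The field-name heuristics, the `gateway.example` and `shop.example` hosts, and the sample pages are all constructed assumptions for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic name fragments that usually mark card number / security code inputs.
# These lists are an assumption made for this example, not a PCI SSC definition.
CARD_FIELD_FRAGMENTS = ("card_num", "cardnum", "card-num", "ccnum", "cc_num",
                        "cvv", "cvc", "card_code", "x_card")
# Stripe.js v1 marks inputs with data-stripe="number" / "cvc" and gives them no
# name attribute, so the browser never includes them in a form submission.
STRIPE_DATA_FIELDS = {"number", "cvc"}


def looks_like_card_field(attrs):
    name = (attrs.get("name") or "").lower()
    data_stripe = (attrs.get("data-stripe") or "").lower()
    ident = (attrs.get("id") or "").lower()
    return (any(frag in name or frag in ident for frag in CARD_FIELD_FRAGMENTS)
            or data_stripe in STRIPE_DATA_FIELDS)


class CheckoutScanner(HTMLParser):
    """Records card-entry inputs (their form's action and whether the browser
    would submit them) and the src of every iframe on the page."""

    def __init__(self):
        super().__init__()
        self.card_inputs = []   # dicts with keys label, action, named
        self.iframe_srcs = []
        self._form_action = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form_action = a.get("action", "")
        elif tag == "input" and looks_like_card_field(a):
            self.card_inputs.append({
                "label": a.get("name") or a.get("data-stripe") or a.get("id"),
                "action": self._form_action or "",
                "named": "name" in a,   # only named inputs are form-submitted
            })
        elif tag == "iframe":
            self.iframe_srcs.append(a.get("src", ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None


def classify(page_html, merchant_host):
    """Return (category, evidence) for one checkout page served by merchant_host.

    merchant_page_direct_post       your HTML, browser posts card data to the gateway
    merchant_page_js_post           your HTML, a script sends the card data
    merchant_server_receives_cards  your HTML, card data is posted to your own server
    processor_hosted_iframe         card entry happens inside the processor's frame
    no_card_entry_on_page           nothing card-related here (e.g. a redirect flow)
    """
    scanner = CheckoutScanner()
    scanner.feed(page_html)

    def third_party(url):
        host = urlparse(url).hostname
        return bool(host) and host.lower() != merchant_host.lower()

    if scanner.card_inputs:
        labels = [f["label"] for f in scanner.card_inputs]
        if any(third_party(f["action"]) for f in scanner.card_inputs):
            return "merchant_page_direct_post", labels
        if any(f["named"] for f in scanner.card_inputs):
            return "merchant_server_receives_cards", labels
        return "merchant_page_js_post", labels

    frames = [s for s in scanner.iframe_srcs if third_party(s)]
    if frames:
        return "processor_hosted_iframe", frames
    return "no_card_entry_on_page", []


# Constructed sample pages; gateway.example is a placeholder, not a real processor.
DPM_PAGE = """<form method="post" action="https://gateway.example/transact">
  <input type="text" name="x_card_num">
  <input type="text" name="x_card_code">
</form>"""

STRIPE_STYLE_PAGE = """<form id="payment" action="/charge" method="post">
  <input type="text" data-stripe="number">
  <input type="text" data-stripe="cvc">
  <input type="hidden" name="stripeToken">
</form>"""

SELF_POST_PAGE = """<form action="/checkout/submit" method="post">
  <input type="text" name="card_number">
  <input type="text" name="cvv">
</form>"""

IFRAME_PAGE = """<h1>Checkout</h1>
<iframe src="https://gateway.example/hosted-form?merchant=123"></iframe>"""

if __name__ == "__main__":
    for label, page in [("DPM", DPM_PAGE), ("Stripe-style", STRIPE_STYLE_PAGE),
                        ("self-post", SELF_POST_PAGE), ("iframe", IFRAME_PAGE)]:
        print(label, classify(page, "shop.example"))
```

The scanner only sees the HTML your server delivers, which is exactly the point: fields inside a processor-hosted iframe never appear in your page source, so they are not attributed to you, while anything rendered by your own templates is.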
Savvior understands the technical aspects of building a PCI-compliant website and maintaining that compliance. Shoot us an email and one of our friendly sales consultants will evaluate your eCommerce setup and recommend the best way to bring your website into compliance. Trust us, in today's day and age you do NOT want to be out of compliance.
The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The bank will most likely pass this fine downstream until it eventually reaches the merchant. Furthermore, the bank will most likely either terminate your merchant account or increase your transaction fees. Penalties are not openly discussed or widely publicized, but they can be catastrophic to a small business.
It is important to be familiar with your merchant account agreement, which should outline your exposure.