PCI Compliance for E-commerce: Key Guide for Your Website

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security requirements that applies to any business (of any size) that accepts credit cards. It was created by Visa, Mastercard, AMEX, Discover and JCB (as a group) to reduce credit card fraud and increase controls around credit card data. If your company accepts one of these cards, this applies to you.

The Penalties are Definitely Worth Avoiding

For the owner of a WordPress site that accepts credit cards via WooCommerce, a simple payment form or other shopping cart (or any other e-commerce website), what’s most important to understand is that PCI-DSS compliance is a standard that must be maintained in order to continue accepting credit cards. Penalties for non-compliance range from $5,000 to $100,000 per month depending on the size of the business and degree of violation.

Keeping Cardholder Data Secure

In a nutshell, PCI compliance means keeping cardholder data safe from hackers and others who intend to steal it. This is incredibly important for eCommerce as well as other financial industries such as credit union website design. PCI compliance includes security measures such as SSL encryption (you can tell that a page is served over an encrypted connection because its address begins with https:// rather than http://) and network security such as firewalls, regular anti-virus scanning and other security measures (including the way that you access your customers’ payment card data) to keep the data safe from prying eyes (and bots).

Yeah, But Who Specifically Needs to do PCI?

It is worth noting that PCI compliance needs the ongoing attention of several people:

  • The web developers who design, configure and code your website and e-commerce process
  • The system administrators who maintain the network servers that the site is hosted upon (sometimes these are the same people as those in the first bullet, but usually not)
  • The company selling the product / service being paid for by credit card

Each of these people has separate and crucial responsibilities in the process, and they all come together in a PCI compliance report – which is, at its heart, a list of practices to be adhered to as well as a list of vulnerability test results. When passing, it will be a report listing each criterion (such as “server accepts plain text credentials” or “website allows insecure cookies to be set”) with a green check-mark. When all of the check marks are green, a large PASS appears at the top. Pretty simple, right?

Since configuration settings on websites and / or servers sometimes change when new plugins are installed or server updates occur, it is important that these settings are reviewed and maintained regularly rather than checked once.
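As an added example (not code from the original post or from the company behind it), the following Python script applies two of the criteria named above, cleartext pages and cookies set without the Secure / HttpOnly flags, plus a check for a missing Strict-Transport-Security header, to a set of captured responses and returns the same PASS / FAIL verdict the report prints at the top. The sample responses, hostnames and function names are constructed assumptions; a real assessment uses an approved scanning vendor, this is only a quick self-check to run after plugin or server changes.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "https://shop.example/checkout": [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "wc_session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ],
    "http://shop.example/cart": [
        ("Set-Cookie", "cart_id=42; Path=/"),
        ("Set-Cookie", "sid=xyz; Path=/; HttpOnly"),
    ],
}

@dataclass
class Finding:
    check: str   # criterion, worded like a line item on the scan report
    detail: str

def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split a Set-Cookie value into the cookie name and a lower-cased attribute map."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def check_response(url: str, headers: List[Tuple[str, str]]) -> List[Finding]:
    """Apply the cleartext-page and insecure-cookie criteria to one response."""
    findings: List[Finding] = []
    over_tls = url.lower().startswith("https://")
    if not over_tls:
        findings.append(Finding("cleartext page", f"{url} is served over http://"))
    elif "strict-transport-security" not in {k.lower() for k, _ in headers}:
        findings.append(Finding("missing HSTS", f"{url} sends no Strict-Transport-Security"))
    for key, value in headers:
        if key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            for flag in ("secure", "httponly"):   # both must be present to pass
                if flag not in attrs:
                    findings.append(Finding("insecure cookie", f"{name} on {url} lacks {flag}"))
    return findings

def run_report(responses: Dict[str, List[Tuple[str, str]]]) -> Tuple[str, List[Finding]]:
    """Every finding plus the PASS/FAIL verdict the report prints at the top."""
    findings = [f for url, hdrs in responses.items() for f in check_response(url, hdrs)]
    return ("PASS" if not findings else "FAIL"), findings
```

With the constructed data the checkout page passes and the cart page produces four findings, so the overall verdict is FAIL.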

SAQs and Scans – the ABCs of the Compliance Process

A PCI compliance report includes a self-assessment questionnaire to be filled out by the business owner as well as a website vulnerability scan which is completed by the web developer and / or system administrator. The scan assesses the website and the network server that it is hosted on, the network itself, and any other application that may be employed on the site. As you may imagine, these are fairly technical and can be quite complex, but the report comes down to a simple pass/fail.

PCI compliance and website security in general deserve attention before there is a security problem. WordPress, just like every computer application, has some unique security considerations when it comes to PCI compliance.

We’re Easy to Chat With

We have lots of experience in making WordPress (and other e-commerce platforms such as Magento) PCI compliant. If you have questions about your specific platform, drop us a line.
