My Merchant Account Blog

PCI Compliancy is an Ongoing Process

Tuesday, June 19, 2007

Once you are PCI (Payment Card Industry) compliant, you should stay PCI compliant. Usually, you rely on your electronic payment gateway (Quantum Gateway, Linkpoint, Payflow, Authorize.net/Cybersource, etc.) or your IPSP (Internet payment service provider) to stay PCI compliant. PCI is a standard that the card associations (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) created to help implement and maintain security standards for cardholder data.

Visa updates the list of processors and companies who are PCI compliant on a regular basis. For example, Aplus.net and iTransact allowed their PCI compliancy to lapse on May 31, 2006, and Cybersource allowed their PCI compliancy to lapse on June 30, 2006. Aplus.net is a web hosting provider that offers e-commerce solutions, so if you are relying on their network to be compliant, you might be liable for any breach. Cybersource is an electronic payment gateway that is used by thousands of merchants. Allowing their compliancy to expire, even for a few days, should be unacceptable to merchants and customers who rely on their system to securely process transactions. Of course, these companies just might be late in reporting to Visa that they are PCI compliant.

Google Checkout

Another company that has allowed their status to lapse is Google Checkout. They allowed their PCI compliancy to expire on February 28, 2006. Consumers, your credit card data might not be as secure as you would like to think. Even though Google is a large corporation, there is no excuse for not complying with the standards set forth by the card associations. As with Aplus.net, iTransact, and Cybersource, they might just be late in reporting their status to Visa.

Remember, it is your responsibility, as a merchant, to ensure that the provider you are using is compliant with the security standards.  If a service provider has allowed their PCI compliancy to lapse, you might consider contacting them to check on the status or switching to a provider that is compliant.

All payment gateways are required to have an on-site security audit annually and a network scan quarterly.




Comments

Greg said...

I admire your unselfishness in taking the time to make this web site.

7/13/2009

George said...

Great post!

7/17/2009


© 2005 - 2025 - Merchant Account Forums - Contact Us for Permission to Display Our Complete Posts on Your Website
