Once you are PCI (Payment Card Industry) compliant, you should stay PCI compliant. Usually, you rely on your electronic payment gateway (Quantum Gateway, Linkpoint, Payflow, Authorize.net/Cybersource, etc) or your IPSP (Internet payment service provider) to stay PCI compliant. This is a standard that the card associations (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) created to help maintain and implement the security standards of cardholder data.
Visa updates the list of processors and companies who are PCI compliant on a regular basis. For example, Aplus.net and iTransact allowed their PCI compliancy lapse on May 31,2006 and Cybersource allowed their PCI compliancy lapse on June 30, 2006. Aplus.net is a webhosting provider that offers e-commerce solutions. So if you are relying on their network to be compliant, you might be liable for any breech. Cybersource is an electronic payment gateway that is used by thousands of merchants. Allowing their compliancy to expire, even for a few days, should be unacceptable to merchants and customers who rely on their system to securely process transactions. Of course, these companies just might be late in reporting to Visa that they are PCI compliant.
Another company that has allowed their status to lapse is Google Checkout. They allowed their PCI compliancy to expire on February 28, 2006. Your credit card data might not be as secure as you would like to think consumers. Even though Google is a large corporation, there is no excuse with not complying with the standards set forth by the card associations. As with Aplus.net, iTransact, Cybersource, they might just be late in reporting their status to Visa.
Remember, it is your responsibility, as a merchant, to ensure that the provider you are using is compliant with the security standards. If a service provider has allowed their PCI compliancy to lapse, you might consider contacting them to check on the status or switching to a provider that is compliant.
All payment gateways are required to have an on-site security audit annually and a network scan quarterly.
Greg said...
I have admire your unselfishness in taking the time to make this web site.
George said...
Great post!
About My Merchant Account Blog
Get a Retail Merchant Account with a 1.65% discount rate. No leases - free terminal. No monthly minimum and no termination fee!
Check out the new
Merchant Account Resources Directory
Feel Free to submit you link!
© 2005 - 2025 - Merchant Account Forums - Contact Us for Permission to Display Our Complete Posts on Your Website
Feeds Available · Merchant Accounts Reviewed · Sitemap · Merchant Account Information