Most business owners know about PCI compliance, but the average consumer has probably never heard of it. Most consumers do know about SSL and the lock icon in the browser's address bar, which tells them that their information will be encrypted and transferred safely to your website. But what about the website itself? Is it safe? Has it been scanned for vulnerabilities? Is it PCI compliant?
PCI Compliance 101
In September 2006, the major credit card companies (Visa, MasterCard, Discover, JCB and American Express) came together to form the Payment Card Industry Security Standards Council (PCI SSC). They created a unified standard, the Payment Card Industry Data Security Standard (PCI DSS), to help businesses create a safe and secure environment for credit card information. Now, all merchants that process, store or transmit credit card information must follow the PCI DSS and become PCI compliant.
To be certified compliant, a merchant must have a report filed by a Qualified Security Assessor (QSA) or, depending on the number of transactions processed throughout the year, complete a Self-Assessment Questionnaire (SAQ). The merchant must also pass a quarterly scan by an Approved Scanning Vendor (ASV) and file an Attestation of Compliance. The acquiring bank might ask for additional information as well.
Although not being PCI compliant can bring hefty fines and restrictions on accepting card payments, the biggest consequence is putting your customers' sensitive card data at risk of a security breach. The biggest consequence of a security breach, in turn, is the loss of your customers' trust. If customers do not feel that their payment information is safe, they will walk away.
But again, most customers will not know about PCI compliance or where to look to find out whether the website they are visiting is compliant. So how can you show your customers that you are compliant, in a way they can understand, without making them wade through all the technical complexities of the PCI DSS? This is where trust seals come in.
How can Trust Seals help?
Once you are PCI certified, you can place a trust seal on your website. Trust seals give instant feedback to the customer, letting them know that your website is safe and credible, which strengthens trust between the merchant and the customer. There are three kinds of trust seals.
Security Seals: Many companies run daily network scans and provide seals indicating that your website or server has been scanned and found free of known vulnerabilities.
Privacy Seals: Verify that you have specific privacy policies in place to protect the customer.
Business Identity Seals: Provide information such as your business's e-mail address, street address and phone number to show the authenticity and legitimacy of your website.
Being PCI compliant brings you peace of mind and saves you from the hassle and cost of a security breach. With trust seals, you can show customers that their credit card information will be safe and secure, building trust and, hopefully, a long-lasting relationship.