Anyone with an e-commerce site that takes credit card payments through a payment gateway needs to know about the PCI Data Security Standard, or PCI DSS. PCI stands for Payment Card Industry, a group that created the PCI Security Standards Council to protect credit card users from Internet fraud.

The PCI SSC is operated by Visa, MasterCard, American Express and other major credit card companies, which determine the policy for the PCI DSS protocol. All e-commerce websites, from one-person shops to multi-million dollar operations, must conform to the protocol or risk being heavily fined by Visa or the bank that processes their payments. Shop owners who embed payment gateways on their websites must read through the PCI DSS questionnaire to ensure that they are in compliance.

There are several versions of the Self-Assessment Questionnaire, or SAQ, reflecting the four categories of businesses recognized by the PCI SSC. These categories, or merchant levels, correspond to the size of the business. Most website owners fall into merchant level 4, because they process fewer than 20,000 Visa transactions per year. The next level, merchant level 3, includes companies that process 20,000 to 1 million transactions per year. Merchant level 2 includes websites that process 1 million to 6 million transactions per year, and merchant level 1 includes websites that process more than 6 million transactions per year. Only websites that embed a payment gateway on their own domain need to complete the SAQ; merchants who use an external gateway can skip this step.

External payment gateways are quite common, and they take users to an external domain for payment processing. For example, it is common for e-commerce sites to send users to the PayPal website for payment processing. When an external gateway is used, the gateway is responsible for PCI DSS compliance. The rules of PCI data security are simply part of the agreement merchants make with the major credit card companies when they process payments. There is no law regulating the data security of payment gateways, but the card companies can enforce PCI DSS by levying large fines on businesses that ignore the rules. Businesses should therefore be careful when working with Web developers who embed a payment gateway on an e-commerce site.

E-commerce has been one of the biggest trends on the Web since broadband Internet allowed websites to become more sophisticated. If you have a custom checkout page with an embedded payment gateway, you need to implement the PCI Data Security Standard properly to protect your customers and your business. It is the site owner's responsibility to ensure PCI DSS compliance, and this step must begin with close communication with the developer. There are 12 control objectives imposed by the requirements, and they call for ongoing network security maintenance for as long as the embedded payment gateway is active. Regular network testing and monitoring is one of the requirements, and so is instituting a vulnerability management policy on the network. In general, all of the PCI DSS requirements are good policies to follow for site owners who handle customer credit card numbers. They do require additional time and system resources, but the added expense is usually offset by the savings of a lower-cost payment gateway. Customers may also appreciate not being forced to leave the checkout page to process a payment.

PCI DSS 4.0 is the latest version of the Payment Card Industry Data Security Standard. Like all previous versions of PCI DSS, the upcoming version 4.0 will be a comprehensive set of additional new guidelines for securing systems involved in the processing, storage, and transmission of credit card data. The new version is an updated set of mature standards that focuses on an "outcome-based" approach rather than a "must-implement" approach. Organizations will no longer be expected to meet PCI standards word by word: while they will still have to meet the PCI DSS standards, they will have the freedom to select their own approach to meeting them. The upgraded standards are expected to be released anywhere between the end of 2020 and mid-2021.