Home

Services

Latest projects

Articles and reviews

Our story

Jobs

Contact Us
+372 656 0066
Järve 2, Tallinn 11314, Estonia
PCI Compliance Checklist: How to Get it Fast
Share to:

For every retailer, Ecommerce operator and online store owner there is one thing that you simply cannot cut corners with – and that is the security of your customers credit card details. Having someone’s credit card details in your hands is as good (or dangerous) as holding their cash. In fact, even more so, because not only are you able to spend their cash, but you can plunge them into debt by spending cash they don’t have.

So, if there is one thing you simply have to do right on your Ecommerce store – it’s credit card data safety.

The Payment Card Industry Data Security Standard (PCI DSS) has been put together by the PCI Standards Security Council for this very reason. The PCI Standards Security Council represents Visa, Mastercard, JCB International, Discover and American Express.

The PCI DSS applies to all merchants who accept payments from these institutions and is intended to safeguard all stored and processed card data – everywhere and anywhere that it is being used, accessed or stored.

what is pci compliance

It’s important to note that just because you are PCI compliant does not guarantee that hackers will not gain access to your or your customers sensitive data, but it does render you much safer. You should always be vigilant and always keep all of your security measures up to date.

All of which can sound really daunting to those whose task it is to ensure that their Ecommerce website is compliant with the rules and regulations that govern the PCI DSS. But it doesn’t have to be a point of stress to you or your team. We are here to provide a checklist for you to reference and a simple guide on getting your Ecommerce website signed off as safe and secure.

Levels of Compliance

Not all companies operate on the same level, and as such there are varying degrees or levels of compliance that are required by you, the merchant.

Level 1 and Level 2 are for merchants who process one million transactions per year or more.

Level 3 is for merchants who process 20 000 or more transactions per year.

Level 4 is for those merchants who process fewer than 20 000 transactions in a financial year.

PCI Compliance

We are going to assume for the purposes of this article, that those merchants in levels 1 and 2 are already employing the services of professionals to help them reach compliance. This article will focus on levels 3 and 4, who are making fewer than one million transactions a year.

 What do I need to get my PCI DSS?

You can find a full list of the PCI requirements here.

First: You need to figure out which self-assessment questionnaire (SAQ) your Ecommerce store needs to use to validate your compliance.

You can find a quick chart to these questionnaires here.

Once you have run through the questionnaire, you will need to submit it along with evidence of passing a vulnerability scan (if applicable to you).

PCI DSS Checklist

As a business that makes use of credit card payments, you need to make sure that you comply with each of the following checks every quarter, and do a full, submitted assessment every year:

Make sue that you complete the annual Risk Assessment on the environment where the card data is handled or touches the cardholder environment. This includes the digital environment and everyone who has access to your records, and your systems.

Make sure that any third party who stores, processes or transmits the card data or are in any way connected to the cardholder environment, provide evidence that they have maintained their PCIDSS compliance and are actively registered with the relevant authorities for your region, or with Card Schemes if you are operating internationally.

If you use a third-party payment application on your Ecommerce store, do you ensure the product and the particular version of that application is PCI DSS compliant and that you adhere to the guidelines provided by the supplier?

If you use an external integrator or administrator to apply the products or bring them together, is this person certified to do so according to PCI standards?

Are you sure that any staff who work with your third-party payment applications are trained to do so according to the guidelines provided by the supplier?

Are you only keeping data that is essential to your business and ensuring that it is well encrypted?

Do you have strict controls over who has access to your E-commerce environment?

Do you ensure that all access to the Ecommerce environment is strictly monitored and recorded?

Are you protecting your data network both firewalls AND up-to-date anti-virus software from a reputable company?

Have you ensured that your shopping cart is patched with the most up-to-date versions available? These updates safeguard against hackers who are continually working to break through the protections set against them.

Are you undertaking network scans on a quarterly basis by an approved scanning vendor (ASV)?

Have you discussed security with your hosting provider? It is essential that they have secured their systems appropriately and that their web and database servers should be hardened to disable default settings and services.

Do you run PED tests annually, and after any significant risk to the environment.

Is software and hardware, and any vendor and associated products, which you use to process transactions approved by the Payment Card Security Standards Council (PCi SSC)?

✓ Check the PCI DSS Quick Guide to make sure you are compliant, here and also here.

Recommended for you

article-img

Headless Commerce: Everything You Need to Know

Over the past year or so, there has been a rapid increase in the popularity of headless commerce and the number businesses adapting the same. Whether you are a retail business owner looking to set foot in the online world, or an eCommerce business owner planning on going ‘headless’, this article will cover everything you need to know about this approach.

Read more
article-img

The 10 Best Business Podcasts that Will Get You Inspired to Succeed

As an entrepreneur, you are most likely to be constantly on the prowl to acquire new skills, learn new business strategies, and gather as much information as you can to increase the growth of your business. While people attained such knowledge by reading books and attending seminars back then, things have changed now, and podcasts have become one of the go-to resources for business owners to gain that inspiration they need to succeed.

Read more

Contact our specialist directly

If you would like to know more about our projects, the way we work, all the ways we can help your business, contact our project manager.

He will be happy to assist you in finding the best solution for you specifically.

Just fill in the form below and you'll hear from us in the shortest time possible, we promise.

Indrek
eCommerce consultant
250+
User stories created
100+
Successfully
completed projects