Friday, January 2, 2009

2009 PABP Changes That Will Affect Your Online Store

Happy New Year to all. I wanted to start off the New Year with a bit of advance notice for those in ecommerce who may not be up on all the rule changes for Visa security and merchant compliance, so you can make plans to take action this year.

In 2004 the credit card industry launched its standard security requirements, which are based on the Visa standards set forth in 2001. The standard requires both online and offline merchants to safeguard sensitive consumer credit card information by following specific information storage rules and regulations.

For online store applications this took the form of Payment Application Best Practices (PABP). PABP changed the way that online store applications and shopping carts had to be developed, incorporating security features and rules into the store logic. Some of those security steps include not storing credit card information in the database, a requirement to change the administrators' password every 30 days, requiring "strong" password rules for site admins, and hashing all passwords.
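As an added illustration (not code from this post or from any of the carts named below), here is how a store's admin-login logic might enforce the password rules just listed: a strength check, salted hashing so no plaintext is ever stored, and a 30-day rotation check. The strength policy, the PBKDF2 work factor and the sample credentials are assumptions.

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta, timezone

PASSWORD_MAX_AGE = timedelta(days=30)  # post: rotate admin passwords every 30 days
PBKDF2_ROUNDS = 100_000                # assumed work factor, not from the post

def is_strong(password):
    """Assumed 'strong' rule: 8+ chars with upper, lower, digit and symbol."""
    checks = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(password) >= 8 and all(re.search(p, password) for p in checks)

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; only the salt and digest are ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

class AdminStore:
    def __init__(self):
        self._admins = {}  # username -> (salt, digest, changed_at); no plaintext
    def set_password(self, user, password, now):
        if not is_strong(password):
            raise ValueError("password does not meet the strength policy")
        salt, digest = hash_password(password)
        self._admins[user] = (salt, digest, now)
    def login(self, user, password, now):
        """Returns 'ok', 'expired' (correct password but must rotate) or 'denied'."""
        rec = self._admins.get(user)
        if rec is None:
            return "denied"
        salt, digest, changed_at = rec
        _, candidate = hash_password(password, salt)
        if not hmac.compare_digest(candidate, digest):  # constant-time compare
            return "denied"
        return "expired" if now - changed_at > PASSWORD_MAX_AGE else "ok"

def demo():
    """Constructed walk-through: set a password, log in, then try 31 days later."""
    store = AdminStore()
    t0 = datetime(2009, 1, 2, tzinfo=timezone.utc)  # constructed timestamp
    store.set_password("admin", "Str0ng!Pass", t0)
    return {
        "fresh": store.login("admin", "Str0ng!Pass", t0 + timedelta(days=1)),
        "wrong": store.login("admin", "Str0ng!Pasz", t0 + timedelta(days=1)),
        "stale": store.login("admin", "Str0ng!Pass", t0 + timedelta(days=31)),
    }
```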

For merchants, this took the form of the PCI Data Security Standard (PCI DSS), which requires that merchants either be individually PCI compliant or use a system that is PABP compliant.

Why is this important to you, the online merchant?

As of October 2008, new online merchants with over 20,000 transactions per year cannot even receive an online merchant account if they are not compliant in one way or another. However, beginning this year merchant account providers will start to "decertify" non-PABP applications, revoke merchant accounts that are not using PABP certified applications, and deny new merchant account applications from stores that are not PABP certified. In 2010, all merchants will be required to be using a PABP certified application.

When I say non-PABP certified applications, I'm not just talking about some obscure online stores; this includes some of the more popular store choices out there. As of this posting this includes:

1. OSCommerce
2. X-Cart
3. AbleCommerce
4. Volusion
5. ZenCart
6. Miva Merchant
7. AmeriCart
8. Ecommerce Templates (ECT)
9. 3DCart
10. Eporia
11. Magento

...and a boatload more. In fact, it's probably easier to tell you which applications are PABP certified and suitable for small to medium business (it's only a handful).

1. AspDotNetStorefront (Bright Spectrum's store of choice)
2. Storefront by LaGarde
3. eOne by Micros
4. MonsterCommerce (part of Network Solutions)
5. Znode Storefront
6. ShopSite
7. PowerCommerce by Merchantec

Using any of the non-PABP systems may pose some security risks; either they will need to become PABP compliant very soon or you will be required to move to a PABP certified store sometime in the near future.

If you want to explore moving over to AspDotNetStorefront and instantly becoming PCI compliant, schedule an online demo with us.

Bye for now.
