Small eCommerce Sites Facing Fines if Compromised

PCI DSS (Payment Card Industry Data Security Standard) is a security standard that applies to companies handling credit card numbers. The PCI level of enforcement differs based on the volume of transactions that a company handles. The lowest level is level 4, which applies to eCommerce sites processing less than 20,000 transactions annually. The highest and most stringent is PCI level 1, which applies to merchants processing over 6 million transactions a year. Ultimately, the goal is to increase security for all Web sites accepting payment via credit card. 2Checkout completes an annual audit for PCI compliance, which we take pride in maintaining consistently.

Level 4 merchants are typically subject to completing an annual self-assessment questionnaire, which contains approximately 220 questions. Furthermore, annual external quarterly scans are a common requirement. The exact requirements are typically set by the merchant’s bank.

Smaller eCommerce sites that have credit cards compromised can be fined between $20 and $30 per stolen credit card, up to $500,000. Additionally, depending on the size of the breach, the site could be required to hire an external forensic investigator. The cost of an external audit typically begins around $10,000.

A report published recently by ECommerce-Guide.com identifies increased scrutiny that PCI Level 4 eCommerce sites are being subjected to.

The cost of becoming PCI compliant can be substantial, especially if your Web site was not initially designed with security as a focus. The requirements cover all aspects of the business: the technology utilized and how it is implemented, as well as business processes and workflow.

Utilizing 2Checkout can quickly enable PCI compliance for your eCommerce site, while keeping the cost of doing business lower in the long term. An eCommerce site that utilizes 2Checkout will typically not be required to complete any PCI compliance forms. Under certain circumstances, the bank providing your merchant account may require an 11-question PCI Questionnaire A. By completing this form, you will be attesting that your company does not handle credit card information. No changes to your servers or business processes will be required! This is one of the many areas where 2Checkout focuses to provide more value to you, our customers and suppliers.

Article was updated on 9/21/2009 clarifying requirements for “PCI Questionnaire A.”

Online Sales Continue Growth

eWeek.com provides the following recent articles describing the continued growth of online sales:

FTC’s E-Commerce Guidelines

In Selling Internationally: A Guide for Business, the United States Federal Trade Commission has published steps that businesses can take to increase consumer confidence on the internet. Included in the article is a checklist of voluntary e-commerce guidelines developed by the OECD.

Developing a Site for E-Commerce

Today I’m going to talk with you about creating a good website and how this affects your business.

When you go into a job interview to speak with your potential employers you iron your clothes, you comb your hair, you polish your shoes, you even brush your teeth for a minute longer than you normally would. What you are trying to do is give off the best appearance possible, since it raises your chances of being hired. Then once you meet with the employer, it is very quick to tell if they like you or not by your first few impressions.
