PCI and compliance issues
As many of you, or maybe only a few of you, know, PCI compliance becomes mandatory in July 2010.
How will this impact you? If you are already using a PCI-compliant gateway and are sending your customers to the payment gateway to enter their credit cards, then not much at all.
If you are taking credit cards on your site using a payment gateway, you have more of an issue coming up, as you will need to have a more in-depth audit on your site. We will hopefully be able to help with this, as we are in the process of applying for PA-DSS, so this should allow you to tick a number of boxes on the audit assessment. Watch the blog for more news on this one.
However, if you are storing cards on your site and processing manually after the order, then you have a massive mountain ahead of you.
I had a phone call today from a customer asking about PCI and what we are doing to make sure she was compliant.
After I had gone through her current setup with her, I had to break the news that she was looking at quite a large investment to make her site compliant.
She is on a shared server, using a very old version of VPASP, is storing cards locally and processing manually to save money.
It is small merchants like this who will be hit the hardest by PCI changes as they will need to either make some massive changes to how their business operates or just close their doors.
I think that is a bit sad really, as there are a lot of sites out there with some fairly interesting items for sale that will no longer be easily accessible.