Is your web designer putting your business at risk?

Can you imagine losing the ability to take credit cards at your store? How much business would you lose? I have seen customers who would lose 70% of their business if they couldn’t take credit cards.

I mention this because, unlike a normal “informational website” that you build to blog and tell people where you are located, when you start selling online you have passed into the world of credit cards. And credit cards have their own rules. You might have heard of it in its simplest form: it’s called PCI Compliance.

The PCI (or Payment Card Industry) Council is made up of all the acquiring banks as well as Visa, Mastercard, American Express and Discover. Its mission is to provide a series of minimum requirements to keep customers’ credit card data safe.

When it comes to online stores, that means following PCI-DSS, the Payment Card Industry Data Security Standard. This is the minimum set of standards your website needs to meet to protect customer data. At the very minimum, it means having anti-virus installed, an SSL certificate, and all software patched and kept up to date.

If you use a self-hosted system, it will be your responsibility to patch and maintain your system. The platforms I use are all PCI-DSS Level 1 compliant. What this means is they have gone through a rigorous audit by companies that specialize in card industry security. In fact, you can find them listed in Visa’s list of Validated Payment Applications.

PCI Compliance is not for the small guys

Unfortunately, being a small fry makes it even more important that you be PCI compliant. If your credit card provider notifies you that it thinks you are the point of compromise, that can mean fines and, in many cases, loss of merchant account services, indefinitely. No, you don’t have to be Target to be affected. In fact, one recent data breach involved only 72 cards.

So how can you be sure you are PCI compliant?

The easiest way is to use a cart provider that has been certified. Most of the carts I talk about are PCI Compliant. Below are a few carts that are:


If you are using a web designer, ask him or her how they will keep you PCI compliant. If they tell you, “Don’t worry, we will add an SSL certificate and you will be OK,” RUN, don’t walk, the other way.

A few things you should hear:

  • We are using a PCI Compliant Cart
  • We are turning off FTP and we don’t allow SSH into the server
  • We are installing an SSL certificate (even better if it is site-wide)
  • We are doing weekly updates and patches

Don’t lose your ability to accept credit cards

Don’t lose your ability to take credit cards because you used a cart that put your customers at risk. In my course, I walk you through setting up a PCI-DSS Level 1 shopping cart so you don’t have to worry about the data breaches that could destroy your business.
