PCI Compliance

There has been a lot of talk recently about PCI compliance. Ask 10 people the same question about PCI and you’ll get 11 different answers. OLM has thousands of small business customers selling everything under the sun online and margins are stretched thin. And in this economy, the last thing a small business owner wants to hear is that they have to spend more money on something that “technically” gives them nothing in return.

There is a great thread going on over at WHT for anyone interested in the topic of PCI compliance. Click here to read it.

And this post here pretty much sums up what we have to tell many customers who are expecting full PCI compliance on a shared hosting account or $99 server.

“Originally Posted by JohnCrowley  
Can’t wait to tell all of our smaller merchants that they need 4 dedicated appliances at a minimum to sell their candles online that bring in less than what it will cost to sell online now”

The standard for most small merchants is the self-assessment questionnaire; above that, it gets very complicated and expensive.

But of course there are many things you should be doing as a normal course of online business to mitigate security risks such as:

—Keep everything (shopping cart, OS, anti-virus, etc.) updated with the latest patches.

—Don’t store CC, or any customer data online.

—Use up to date anti-virus on everything.

—Use a secure payment gateway.

—Use SSL for any data transmitted online.

—Use effective passwords (fido123 is not effective, #3re$0opS@ is).

—Back up everything, twice.

—Watch logs for suspicious behavior.

And these things are not just for your hosting plan or server; these precautions should be taken at home too. Right now, can someone break into your house or office and steal a computer with thousands of customer credit card numbers?

Maybe I’m off-base with my thoughts on PCI compliance… let me know what you think.

January 30th, 2009 Posted in General by admin
