PA-DSS Compliance – Will It Change the Way I Manage My Business?

August 30, 2010

The short answer is absolutely, but the more important question is “Are you running an ecommerce business which requires you to be on a PA-DSS certified application?”

A quick explanation: PA-DSS is a standard set by the PCI Security Council designed to increase the security of your storefront. The council set a deadline of July 1, 2010 for all merchants to be on a PA-DSS compliant system. Merchants not meeting the deadline could face additional fees from their merchant services provider or lose their merchant services account entirely.

So, still, do you need to be on a compliant system? For the most part yes, though there are some exceptions the council has outlined. First, if your cart never transmits or stores credit card information, a compliant cart isn’t required. For example, if you’re only using PayPal Traditional and the customer is transferred over to PayPal to complete the order, you are fine. However, if you’re using any other PayPal method, or a method where the credit card is accepted on your site (Authorize.Net or Intuit, for example) and the payment information is posted to your payment provider for authorization, you need a compliant cart. Another exception is in-house applications which are not sold or distributed.

The rules are very specific: if your storefront STORES or TRANSFERS sensitive customer information, you are required to be compliant. Of course, the easy solution is simply to move to a payment system (like PayPal Traditional) that sends your customer over to the provider's site to complete the transaction. Anyone who has been in the ecommerce world for even a short period of time knows this can have a significantly negative impact on sales. Moving a customer from one site to another to complete a transaction increases cart abandonments, sometimes as much as 30% or more.

This standard isn’t designed to make a merchant’s life more difficult, but to increase the security of internet transactions.  In the end, secure transactions and increased customer confidence result in more business for all merchants conducting business on the internet – and that’s a good thing.

If you’re in the market for ecommerce software, you must determine if the company’s offerings are PA-DSS compliant. If the software is not PA-DSS compliant, weigh potential risks – both personal and financial. Even if you don’t accept credit cards on your site today, understand you will need to eventually if you expect to grow your business. If you’re using an existing ecommerce platform, be sure it is compliant or ask the vendor when it expects to achieve compliance. The deadline has passed, and merchant account providers will certainly start assessing fees soon if they haven’t already.


Article written for FindMyHost.com by Craig Fox, Founder and VP of Marketing for Pinnacle Cart, the leading eCommerce / Store Builder application for small to mid-size businesses. For more information, please visit www.pinnaclecart.com
