PayPal Handles PCI Compliance for SMB Ecommerce Merchants
While the phrase PCI compliance is enough to make a small business ecommerce merchant groan, the reality for merchants is that compliance is required in this day and age of online shopping -- regardless of the size of your online business.
PCI Compliance Explained
The Payment Card Industry Data Security Standard (PCI DSS) is designed to be a baseline minimum standard for credit card security. In a nutshell, PCI DSS is a security process to help you identify all parts of your business that are vulnerable to theft, ranging from how you dispose of paper records to how you transmit and store personally identifiable information online -- including your customers' credit card information.
To achieve PCI compliance, an online retailer must meet all PCI DSS requirements. Lee Castro, a senior marketing manager at PayPal, said that when it comes to being in compliance with PCI regulations, a lot of responsibility falls to the merchant.
"Some of the responsibilities for merchants include building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability-management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy," he explained.
The problem most small business ecommerce site owners will face is putting the infrastructure into place to meet those requirements. The approach that merchants use in meeting these requirements is an important business consideration.
Merchants can decide to build and maintain the infrastructure to meet these requirements themselves, or they can outsource that infrastructure by using a third party, like PayPal, that stores, transmits, and processes the data on their behalf. The decision is certainly a key decision for the merchant, as it has implications in terms of overall cost and time investment, Castro said.
Outsourcing PCI Security and Compliance to PayPal
Working to help small business site owners and online merchants tackle PCI compliance, PayPal recently announced a significant update to PayPal Payflow Link that provides merchants with "PCI peace of mind" and buyers with a streamlined purchasing experience.
"Our recent PayPal Payflow update allows merchants peace of mind when it comes to PCI compliance management. PayPal achieves this by offering hosted templates that ensure that sensitive cardholder data is stored, transmitted, and processed by PayPal, not the merchant," said Castro. As a result, merchants can stay focused on future business growth instead of website security.
In this way, PayPal acts as a trusted third party that stores, transmits, and processes credit card data on behalf of the merchant and also assumes the responsibility of keeping customers' information safe and the transaction secure to meet PCI requirements. As part of your ongoing PCI compliance management, you will need to periodically certify your compliance with PCI regulations, but by outsourcing the infrastructure, that certification workload is greatly reduced.
Embedded Checkout Templates
One issue that merchants may face when outsourcing PCI compliance is being able to offload the security and still provide a seamless transaction process for the customer. In most cases, merchants want to provide customers with that level of PCI security but don't want customers to know that another player has entered the transaction process.
PayPal solves this problem with Payflow Link's embedded checkout template, so your customers do not have to leave your site during the checkout process to buy securely. This, according to PayPal, creates an efficient and secure transaction that meets key expectations of the shopping experience.
"The element that stands out in terms of consumer preference is those sites that offer the most efficiency. A key part of delivering that efficiency is having a streamlined shopping experience that doesn't redirect the customer," said Castro. The seamless process means that the customer will be less likely to abandon the sale as a result of additional websites and windows to navigate.
PayPal's Payflow Link tool is available to merchants who want to conduct sales and transactions from their own website or online Web store.
Vangie Beal is a veteran online seller and frequent contributor to ECommerce-Guide.com. She is also managing editor of Webopedia.com. You can tweet with her online @AuroraGG.