PayPal Handles PCI Compliance for SMB Ecommerce Merchants
While the phrase PCI compliance is enough to make a small business ecommerce merchant groan, the reality for merchants is that compliance is required in this day and age of online shopping -- regardless of the size of your online business.
PCI Compliance Explained
The Payment Card Industry Data Security Standard (PCI DSS) is designed to be a baseline minimum standard for credit card security. In a nutshell, PCI DSS is a security process to help you identify all parts of your business that are vulnerable to theft, ranging from how you dispose of paper records to how you transmit and store personally identifiable information online -- including your customers' credit card information.
To achieve PCI compliance, an online retailer must meet all PCI DSS requirements. Lee Castro, a senior marketing manager at PayPal said that when it comes to being in compliance with PCI regulations, a lot of responsibility falls to the merchant.
"Some of the responsibilities for merchants include building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability-management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy," he explained.
The problem most small business ecommerce site owners will face is putting the infrastructure into place to meet those requirements. The approach that merchants use in meeting these requirements is an important business consideration.
Merchants can decide to build and maintain the infrastructure to meet these requirements themselves, or they can outsource that infrastructure by using a third party, like PayPal, that stores, transmits, and processes the data on their behalf. The decision is certainly a key decision for the merchant, as it has implications in terms of overall cost and time investment, Castro said.
Outsourcing PCI Security and Compliance to PayPal
Working to assist small business site owners and online merchants tackle PCI compliance, PayPal recently announced a significant update to PayPal Payflow Link that provides merchants with "PCI peace of mind" and buyers with a streamlined purchasing experience.
Our recent PayPal Payflow update allows merchants peace of mind when it comes to PCI compliance management. PayPal achieves this by offering hosted templates that ensure that sensitive cardholder data is stored, transmitted, and processed by PayPal, not the merchant, said Castro. As a result, merchants can stay focused on future business growth instead of website security.
In this way, PayPal acts as a trusted third-party that stores, transmits, and processes credit card data on behalf of the merchant and also assumes the responsibility of keeping customers information safe and the transaction secure to meet PCI requirements. As part of your ongoing PCI Compliance management you will need to periodically certify your compliance to PCI regulations, but by outsourcing the infrastructure, that certification workload is greatly reduced.
Embedded Checkout Templates
One issue that merchants may face when outsourcing PCI Compliance is being able to offload the security and still provide a seamless transaction process for the customer. In most cases merchants want to provide customers with the level of PCI security, but also dont want to let customers know that another player has entered the transaction process.
PayPal solves this problem with Payflow Links embedded checkout template so your customers do not have to leave your site during the checkout process to buy securely. This, according to PayPal, creates an efficient and secure transaction that meets key expectations of the shopping experience.
The element that stands out in terms of consumer preference is those sites that offer the most efficiency. A key part of delivering that efficiency is having a streamlined shopping experience that doesnt redirect the customer, said Castro. The seamless process means that the customer will be less likely to abandon the sale as a result of additional websites and windows to navigate.
PayPals Payflow Link tool is available to merchants who want to conduct sales and transactions from their own website or online Web store.
Related PCI Compliance Articles
From beginner guides to expert tips, our selection of PCI compliance articles can help you to better manage your ecommerce business.
- Will PCI Outsourcing Kill Conversion Rates?
- 4 Ecommerce Regulations to Need to Know
- PCI Security: Small E-tailers Face Large Fines if Hacked
- The Tangled Web of PCI Compliance, Are You Ready?
Vangie Beal is a veteran online seller and frequent contributor to ECommerce-Guide.com. She is also managing editor of Webopedia.com. You can tweet with her online @AuroraGG.
|Do you have a comment or question about this article or other e-commerce topics in general? Speak out in the SmallBusinessComputing.com E-Commerce Forum. Join the discussion today!|
Voice Trunking in an IP World: Charting a Practical Path for PRI and SIP IT leaders understand the real-world road to all-IP means leveraging existing technology investments as well as intelligently integrating...
Uncover Threats in SSL Traffic: The Ultimate Guide to SSL Inspection Encrypted traffic accounts for a large and growing percentage of all network traffic. While the adoption of SSL, and its successor, Transport Layer...
5 Reasons Your Storage Snapshots Aren't Working Snapshot-based data protection solutions were supposed to solve our backup challenges, weren't they? Then why are your backups still broken? Many...
Web Application Firewalls Are Worth the Investment for Enterprises Firewalls and intrusion prevention systems don't provide sufficient protections for most public-facing websites or internal business-critical and...