Accepting Payments Online

When accepting Credit Cards you must be aware of your obligations to protect your customers credit card information. This means that you should not store credit card information in an unsafe way and you must comply with the Provider Card Industry Data Security Standards - PCI DSS.

PCI DSS is a set of security standards developed by the world's major credit card companies, including Mastercard, Visa and American Express. It is aimed at businesses that process credit or debit card transactions and consists of 12 control objectives to protect data.

How does it affect me?

If you use a reputable payment service provider then most of these issues will be handled by them. If you take credit card data on your web site using the manual credit card payment method then you need to be aware of the risk.

The 12 key guidelines are:

• Install and maintain a firewall configuration to protect data
• Do not use vendor-supplied defaults for passwords or other security parameters
• Protect stored cardholder data
Encrypt the transmission of cardholder data and sensitive information
• Use and regularly update anti-virus software
• Develop and maintain secure systems and applications
• Restrict access to data by business need-to-know
• Assign a unique ID to each person with computer access
• Restrict physical access to cardholder data
• Track and monitor all access to network resources and cardholder data
• Regularly test security systems and processes
• Maintain a policy that addresses information security

If your web site is hosted by eCorner (using ePages) then we comply with items 1 - 6. Item 2. relates also to your own MBO and that password is your responsibility. Items 7 - 12 are entirely under your control as the store owners and we would urge you to review these. eCorner strongly recommends the use of a reputable Payment Service Provider.