PCI Blog - Compliance Series: Part Two
Posted Friday, September 7th, 2007
Categories: PCI.
Throughout the coming weeks we’ll be featuring articles and information regarding PCI compliance, in an effort to educate merchants and acquirers about this standard. You can subscribe to all of E-xact’s blog posts using the “PCI” category or keep an eye on our PCI Blog for links and information.
As the PCI deadline approaches, merchants are finding out just what it takes to become compliant and, more importantly, how crucial it is to be a part of this movement.
Visa USA recently announced that 96 percent of the largest businesses[1] that accept Visa cards for payment have confirmed they are not storing sensitive account data. Storing prohibited account data, including security codes and PINs, violates Visa rules and increases a business’ risk by making it a target for hackers. [RetailSolutionsOnline]
The other morning I sat in on a webcast sponsored by Information Week entitled “PCI Compliance for Data in Motion - How to protect payment card data transmitted via email and file transfer”. There are so many aspects to PCI compliance that it’s difficult to home in on what directly applies to your company. The first step is recognizing how important it is to be secure, and as a basic example I’ll share the results of an online interactive poll from the webcast.

According to results from participants on the call, 83% had “No Idea”, 10% used “Spot Checks”, and “Standard IT Reports” happen about 6.7% of the time. The call leader, Dan Maier, the Sr. Director of Product Marketing with Tumbleweed Communications, was not surprised by these results, as many companies are unaware of the sensitive content that might be moving through their email stream.

You can download Tumbleweed’s Whitepaper on PCI compliance for more information about the presenters of the webcast.
During the question and answer session, a caller asked how their start-up company can figure out the process for accepting credit cards, and what the first thing they should be doing is.
Mr. Maier suggested right away that they go and find an experienced payment gateway company. Payment gateways such as E-xact can help set up particular systems for managing credit card processing. Start-ups (along with established businesses) also need to learn how to manage and store credit card information securely. Better yet, E-xact can assist with compliance here: for example, using RPM ensures the non-storage of data on company systems.
For more information, there are actually dozens of PCI blogs out there and we’d like nothing more than to pass on that information. Links and tips we find about PCI in the news are shared and posted on our “Newsroom” page under our “PCI” del.icio.us links in the sidebar. Should you come across a PCI blog or news article, feel free to send it our way on del.icio.us, if you have an account. Simply tag the story “for:ExactTransactions”.
Our most recently bookmarked link is an entry entitled “How to Become PCI Compliant”. It features basic PCI facts, outlining the different levels of compliance for various tiers of businesses, merchants and providers.
E-xact customers and those inquiring about using E-xact as a secure payment gateway should know that we have been compliant with the industry for several years.
“We’ve been doing security audits since 2003 and this year’s audit was the most detailed yet. It’s great to see the industry recognize our efforts in treating data security as a critical priority within our organization,” Peter Fahlman, President. [News Release, May 2007]
Processing your payments through E-xact ensures that data is not being stored on our systems, and your transaction information is safe and secure. You can view our listing on Visa’s list of compliant service providers or read Mastercard’s PCI Manual for more information.
Archive audio for the webcast mentioned in this blog post is available here

