PA-DSS Compliance

This topic seems to be one of the most misunderstood subjects in E-Commerce, so I’ll attempt to explain it as simply as I can as it relates to your business.

Essentially Visa and MasterCard were getting sick of all the fraud due to stolen credit cards from web sites that were storing credit card data insecurely.  Having been in this industry for 10 years, I can tell you some horror stories about how some stores handle your credit card information.  So Visa and MasterCard decided to try to add some standards that would help secure credit card data and protect both themselves and their customers.  Thus the PA-DSS compliance standard was born.

PA-DSS compliance regulates how a merchant (store) handles customer credit card data.  While there are many parts to the regulation, what matters most in this discussion is that a store can no longer store credit card data on a server connected to the internet, and that card data cannot be transmitted through an application (shopping cart) that is not certified.  Certification is not a cheap process, and as of the writing of this article, there are not many shopping cart platforms under $1000 that have been certified (you can check the list here – https://www.pcisecuritystandards.org/approved_companies_providers/validated_payment_applications.php).  This regulation is the reason we switched to Pinnacle Cart – it is a fully PA-DSS compliant cart.

What does this mean for you? 

Well if you are not using a PA-DSS compliant cart, you can be subject to fines and penalties.  Worse, if your store is hacked and credit card data is stolen, you can be held liable for the fraudulent charges.  If your merchant account has not yet enforced this certification, they most certainly will be calling soon.

How can you comply?

You basically have 3 options:

1. Migrate to a PA-DSS compliant shopping cart.
2. Switch to an off-site payment gateway (one that handles the credit card data on their site) such as PayPal or Authorize.NET SIM.
3. Use a system like Authorize.net DPM or X-Payments.

Keep in mind that any option that adds a step to the checkout process or sends the customer off your site will impact your conversion rate.  Using a fully PA-DSS compliant cart is the best solution if it is not cost prohibitive for you.
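Whichever option you pick, the point of all three is that full card numbers should never land on your own web server. A quick way to verify that is to scan your access logs, form-post logs and database dumps for anything that looks like a card number. The scanner below is an added example written for this post (not code from any cart or gateway vendor); it uses the Luhn checksum to skip order ids and timestamps that merely happen to be long digit runs, ignores already-masked values, and reports hits with the middle digits masked so the report itself does not become a new place card data is stored. The log lines at the bottom are constructed sample input.

```python
import re
from typing import Iterable, List, Tuple

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded inside a longer run of digits.
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first 6 and last 4 digits (the portion PCI permits to display), mask the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> List[str]:
    """Return masked card numbers found in one line; Luhn-invalid runs are ignored."""
    hits = []
    for m in _PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            hits.append(mask_pan(digits))
    return hits


def scan_lines(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Scan log or dump lines; return (line number, masked PAN) for each hit."""
    return [(n, pan) for n, line in enumerate(lines, 1) for pan in find_pans(line)]


# Constructed sample lines: two leaked test card numbers, one order id,
# one already-masked value and one digit run that fails Luhn.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Apr/2013:12:34:56] "POST /checkout HTTP/1.1" 200 card=4111111111111111&exp=1215',
    "order_id=20130415123456 status=ok",
    "last4=************1111 amount=19.99",
    "cc: 5500 0000 0000 0004",
    "txn 4111111111111112",
]

if __name__ == "__main__":
    for line_no, pan in scan_lines(SAMPLE_LOG):
        print(f"line {line_no}: possible card number {pan}")
```

Run it against real logs with `scan_lines(open(path))`; any hit means card data is reaching your server and the checkout flow needs to change, regardless of which cart you run.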
