PCI compliance and Drupal maintenance support plans Commerce

If you are selling online, you should be concerned with PCI compliance. The five major credit cards brands got together to create the Payment Card Industry Data Security Standard (PCI DSS) back in 2006. This security standard applies to all merchants and financial providers (banks), and is designed to provide robust protection for cardholder data.

PCI compliance means demonstrating that you meet the currently in-force standards for maintaining cardholder data security. All merchants that accept Visa, MasterCard, American Express, Discover and JCB credit or debit cards for ecommerce transactions must be PCI compliant.

Universal Standard

PCI standards apply to everyone involved in the customer data chain of custody, and specifically applies to merchants of all sizes. Your merchant account agreement requires you to participate in the PCI standards program. Furthermore, banks can be fined for merchant noncompliance and banks are known to pass on fines or even terminate the relationship with repeat offenders. PCI compliance standards also apply to merchants who just accept orders over the phone.

Merchant Levels

The specific PCI standard compliance requirements vary based on your merchant level. Your merchant level is established by your provider. For Visa, for example, a merchant processing less than 20,000 Visa e-commerce transactions per year is classified as a merchant level 4, between 20,000 and 1 million Visa e-commerce transactions per year is a merchant level 3, between 1 million to 6 million Visa transactions per year is merchant level 2 and more than 6 million transactions per year is merchant level 1.

Is Drupal maintenance support plans PCI Compliant?

The short answer to this question is that nothing is PCI compliant out of the box. While drupal Commerce and Ubercart have many safeguards against malicious attacks, there are many elements that need to be addressed in implementation and hosting to assure full compliance. Here is a good article on the subject: http://soundpostmedia.com/article/lets-talk-about-pci-compliance-ubercart-and-drupal-commerce/

Merchant Self-Assessment

Fortunately, PCI compliance is usually pretty straightforward assuming you apply up-to-date IT security best practices in your networks. All you have to do is take the merchant self-assessment questionnaire, then take and pass a vulnerability scan from a PCI SSC Approved Scanning Vendor.

f you pass the scan, you just complete the attestation of compliance in the self-assessment questionnaire and submit the SAQ along with documentation of passing the vulnerability scan. If you fail the scan, you must take any steps required to remedy the deficiencies until you pass the scan.

Network Vulnerability Scans

Network vulnerability scans must be performed quarterly to maintain PCI compliance. The scan remotely reviews networks and Web applications based on the external IP addresses provided by the merchant or service provider. The scan is designed to  identify vulnerabilities in operating systems, services or devices that could be used by malicious parties to gain access to the merchant’s network.  Approved Scanning Vendors, who must be recertified every year, provide easy to-use scanning tools such as ControlScan that do not require the merchant or service provider to install any software.

PCI Compliance Guide’s PCI Frequently Asked Questions and Myths is a great resource that provides detailed information on PCI compliance, what it means to you and how to become compliant.

The post What is PCI compliance and why should I care? appeared first on Austin Drupal maintenance support plans Development by Pixeldust Interactive.

This article was republished from its original source.
Call Us: 1(800)730-2416

Pixeldust is a 20-year-old web development agency specializing in Drupal and WordPress and working with clients all over the country. With our best in class capabilities, we work with small businesses and fortune 500 companies alike. Give us a call at 1(800)730-2416 and let’s talk about your project.

FREE Drupal SEO Audit

Test your site below to see which issues need to be fixed. We will fix them and optimize your Drupal site 100% for Google and Bing. (Allow 30-60 seconds to gather data.)

Powered by

PCI compliance and Drupal maintenance support plans Commerce

On-Site Drupal SEO Master Setup

We make sure your site is 100% optimized (and stays that way) for the best SEO results.

With Pixeldust On-site (or On-page) SEO we make changes to your site’s structure and performance to make it easier for search engines to see and understand your site’s content. Search engines use algorithms to rank sites by degrees of relevance. Our on-site optimization ensures your site is configured to provide information in a way that meets Google and Bing standards for optimal indexing.

This service includes:

  • Pathauto install and configuration for SEO-friendly URLs.
  • Meta Tags install and configuration with dynamic tokens for meta titles and descriptions for all content types.
  • Install and fix all issues on the SEO checklist module.
  • Install and configure XML sitemap module and submit sitemaps.
  • Install and configure Google Analytics Module.
  • Install and configure Yoast.
  • Install and configure the Advanced Aggregation module to improve performance by minifying and merging CSS and JS.
  • Install and configure Schema.org Metatag.
  • Configure robots.txt.
  • Google Search Console setup snd configuration.
  • Find & Fix H1 tags.
  • Find and fix duplicate/missing meta descriptions.
  • Find and fix duplicate title tags.
  • Improve title, meta tags, and site descriptions.
  • Optimize images for better search engine optimization. Automate where possible.
  • Find and fix the missing alt and title tag for all images. Automate where possible.
  • The project takes 1 week to complete.
Shopping Cart
There are no products in the cart!
Continue Shopping