|
What is PCI Certification, and why do I need it? |
|
What is PCI Compliance?
The Payment Card Industry (PCI) developed the Payment Card Industry Data Security Standard (PCI DSS) to establish guidelines for all organizations that capture, process, or store credit card data — such as shopping carts. Any website performing ecommerce must demonstrate proof of compliance. In short: if your online store accepts credit cards, then you need to be PCI Compliant.
How can I make my website PCI Compliant?
There are several steps to becoming PCI Compliant.
- Have your website audited by a PCI-approved scanning vendor.
- Rectify any vulnerabilities discovered during the PCI audit. Vulnerabilities can originate from the server's operating system, a database configuration, webpage content, error handling settings, security settings, etc.
- Repeat steps 1 and 2 until all vulnerabilities have been resolved.
- Complete a Self Assessment Questionnaire (SAQ), usually provided by either your merchant service provider or the scanning vendor.
- Provide your merchant service provider with your SAQ and the documents from the PCI scanning vendor that confirm your website's PCI compliance.
- Repeat steps 1 through 5 at least on a quarterly basis.
If you'd rather not wrestle with this process every few months, a better solution is available.
|
The problem with PCI Certification... |
|
PCI compliance is a very technical process.
Most of our clients aren't experts on network security, so they become middle-men, sending reports back and forth between Modular Merchant and their scanning service. It adds more work, time and stress to all parties involved.
What's more, PCI compliance must be done on a per-website basis. This means just because another website hosted on the same server is PCI compliant (or just because your website uses PCI Compliant shopping cart software, such as Modular Merchant) your website is not automatically also PCI compliant.
Modular Merchant is happy to help, but when clients use a variety of scanning services — each with a different procedure for reporting and resolving issues — it further slows down the process. Different services will also report conflicting, erroneous and previously corrected issues.
Additionally, PCI scanning services will charge a wide range of prices, from hundreds to thousands of dollars per year, just for their quarterly scans. And then, they still place the burden on you to resolve any issues that they find.
There must be a better way to achieve PCI compliance. Fortunately, there is... |
|
PCI Compliance can frustrate even the most capable of stock photography businessmen. |
|
|
The solution: Modular Merchant's PCI Concierge service... |
|
Modular Merchant's PCI Concierge service allows us to do the work for you.
As a shopping cart software developer, PCI compliance naturally falls within our area of expertise. We deal with it every day, and we wanted to put our knowledge and experience to good use by finding a way to perform the PCI compliance ritual for our clients. So, we developed our PCI Concierge service.
We've brokered an agreement with McAfee that allows us to perform the PCI scanning on behalf of our clients. Not only do our clients receive a substantial discount on McAfee's PCI Certification product, but we perform the website's audit, fix vulnerabilities for our clients, then provide a completed PCI Compliance Report on a regular basis. This service allows us to proactively resolve PCI compliance issues, and to do so more efficiently.
Here's how it works:
- After signing up, Modular Merchant regularly scans your website using McAfee's standard PCI Certification Service product.
- Modular Merchant technicians work directly with McAfee to resolve any PCI issues found during the scan. No more need for you to become the middle-man! (And that's not included with any other PCI scanning provider!)
- Once all issues are resolved, a completed PCI compliance report, confirming your website's clean bill of health, is provided to you. These reports are made available directly within your store's Administration Area.
- A McAfee PCI control panel will also be made available to you, so you can log in at any time to complete your Self Assessment Questionnaire (SAQ), view your scan results, or manually download more reports.
- As a Modular Merchant client, you'll receive McAfee's PCI Certification at the discounted rate of just $249.99. (A savings of over $110.00 off McAfee's regular $360.00/year price.)
And that's all there is to it. Modular Merchant's PCI Concierge service makes your life easier because you don't have to worry about resolving complex server vulnerabilities, and it makes our lives easier because we can consolidate all our efforts through one PCI scanning provider.
|
What clients are saying about our PCI Concierge service. |
|
What are clients saying about their experience with Modular Merchant's PCI Concierge service?
Since launching our PCI Concierge service, we've helped dozens of clients, resolved hundreds of PCI vulnerabilities, and scanned roughly a ka-jillion lines of website code. All for the sake of our our clients' sanity. Has it all been worth it? Here's what some of our clients have to say...
|
OH WOW!!!! In less than 48 hours, we are PCI compliant....after MONTHS with (a different company), and hours of "wasted" time...
OH MY GOSH....YOU GUYS ARE AWESOME!!!!!!
Wow...should have done this a loonnnnnnnggggggggggggg time ago.
Thanks for making my day.
- Brenda |
|
WOO HOO! I have said it before and I'll say it again... YOU GUYS ROCK!
Thanks!
- Scott C. |
|
Well, that just saved me a bunch of money and headaches.
And you started immediately! Thank you for doing that! I'm quite happy.
- Rozanne P. |
|
How do I add the PCI Concierge Service to my Modular Merchant account? |
|
Adding the PCI Concierge Service to your Modular Merchant online store is easy!
Within your store's Administration Area, go to [Admin > Manage Modular Merchant Account]. On that page, simply select the desired PCI Certification level from the menu and click the "Update" button.
Adding the PCI Concierge Service to a Modular Merchant account is a simple way to prevent migraines.
Once the request to add the PCI Concierge Service is submitted, it will be added to your account ASAP. Setup of a new PCI scanning account typically takes several days. Once it is ready, you will receive a Support Ticket containing information on the status of your website's first scan, including instructions on how to download your quarterly PCI Compliance reports once they are completed. |