Small business owners are 100 percent responsible for their customers’ personal information and credit card data. One of the biggest myths is that security is tied solely to credit card information. The Payment Card Industry (PCI) Security Council will be the first to point out that it is as much about the personal information of your customers as it is about their credit cards. At the end of the day, banks can be a safety net if someone were to get your customers’ credit card information. Unfortunately, there isn’t a safety net if personal information is stolen from an online business.
PCI compliance is still a misunderstood concept. While there is plenty of material available on the topic, a small group of people have most of the information. History shows us that when this type of situation occurs in the marketplace, a lot of people end up buying services that don’t help at all. If your credit card company, ecommerce provider, hosting company, bank or other provider offers you a new service to assist in maintaining PCI compliance, simply ask the following question. “By purchasing this service, are you guaranteeing that you will pay for any fines or loss of business I might suffer if my online store becomes compromised?”
More often than not, the answer will be no. So why would you pay money for something that won’t help you with the problem? The answer is lack of knowledge. Most small business owners don’t have enough time to run their stores, much less to keep up with the security requirements for maintaining an online business. As a result, when a service provider approaches an online businessperson about a new service to secure its customers, it scares many business owners into purchasing it.
The first step
The bottom line is this: online retailers must find the time and take responsibility for protecting their customers. For ecommerce, be sure you are using a PA DSS (Payment Application Data Security Standard) certified application or a business that is PCI DSS certified. That is the first step. After picking the right ecommerce provider, you must take control of the rest of your customers’ security. This can be achieved by going through the PCI DSS process to get your business certified.
Pinnacle Cart, for example, carries the PA DSS certification and works with hosting companies that are PCI DSS compliant. Still, it does not have control over its own destiny. If the company it uses decided to stop offering PCI DSS hosting, Pinnacle Cart would be forced to spend a lot of money moving customers to another data center. To gain control of its security, the company is working on becoming PCI DSS compliant. The process isn’t easy and it costs money, but the return on investment will come to any business that commits to the process. You can show your compliance on your website like a badge of honor, and you will likely see an increase in website conversions.
Mike Auger is president and CEO of Pinnacle Cart, a hosted shopping cart and ecommerce software application that allows you to create, manage and effectively market your business. www.pinnaclecart.com.
View article published in Independent Retailer: http://bit.ly/ecommercesecurity
Pinnacle Cart Announces New PCI Compliance Scanning With McAfee
We now offer McAfee PCI Compliance Service, a simplified and easy-to-use system that is optimized for Level 2, 3, and 4 merchants that need to successfully complete all requirements for PCI certification. Only $99/yr. – a 65% saving!
McAfee PCI Compliance Service is designed for Level 2-4 merchants that need to successfully and confidently complete the steps necessary for PCI certification. Originally developed for Visa International, the service includes automated state-of-the-art scanning, an online self-assessment questionnaire, McAfee Technical Assist (extensive technical support, such as vulnerability remediation assistance), and the PCI Wizard to help manage compliance activities. Tens of thousands of organizations around the world—from government agencies and online retailers, to nonprofits and manufacturers—trust McAfee to audit their initial and ongoing PCI compliance status.
Click here for more information about our compliance services.
Check us out in this month’s WHIR!
Craig Fox, our Founder and VP of Product Development, was recently invited to provide some insight into PA-DSS / PCI compliance and its effects on the ecommerce industry for The Web Host Industry Review, better known as The WHIR. Here are some snippets from the article:
“We’ve completed that compliance ring – what we call the remediation process – with our QSA,” says Craig Fox, VP of product development at e-commerce software firm Pinnacle Cart. “Everything seems to be coming clean.” According to Fox, the total initial cost associated with certification for Pinnacle Cart is likely to be in the range of $20,000 to $30,000 – a manageable cost of doing business, and not something the company intends to pass on to its customers in the form of a price increase, but by no means an insignificant sum of money.
Check out the full article on pages 12-13 here as mentioned on our @pinnaclecart Twitter account!
New Platform and PA DSS

Many of you have recently completed a survey we sent you relating to feature sets for a new version of our shopping cart software.
We know the survey may have been a surprise to many of you who have been waiting on a new beta version on a new platform. I would like to take a few minutes to explain where we are and the direction of the company.
At the end of last year we were in the process of developing a new platform for Pinnacle Cart that would take us into the next decade. As we began developing the product we also began to understand the challenges and opportunities associated with PA DSS (Payment Application Data Security Standard). Visa and MasterCard will begin to enforce this new standard on all shopping carts and any payment application that accepts credit cards in July of 2010. In a nutshell, as a small business owner, this is another requirement for you to be PCI compliant.
Certification is an expensive and time-consuming process, as we work with a third-party QSA recommended by Visa/MC. In addition, our company will have to absorb this expense every time we come out with a significant change to our software. We are making every effort not to pass this expense along to our customers, and have been able to keep that goal to date by not increasing the cost of the software. But as you can probably imagine, it has forced us to change the way we look at development and releases. The great news for you is that Pinnacle Cart will be a leader in PA DSS certification and education.
We have made a major decision to delay the 4.0 release and certify “Pinnacle Cart 3.7 PA DSS.” Of course, by default, it will also mean that 4.0 will be certified when it is released. The survey you received some time back will go a long way toward defining some of the features associated with 3.7. Many of the features are in the process of being built or already have been built, and Craig will have a post about the feature set and the timeline to release. This was a difficult decision, as we are very excited about getting to the new platform. The funny thing about the new platform is that it actually IS the reason we decided to come out with an interim release. A new platform undoubtedly creates challenges for upgrades. Though we will provide documentation and a path to upgrade, and continue to offer services to assist in the upgrade, there will still be work to do. On the other hand, if you are on a 3.4, 3.5 or 3.6 series cart, upgrading to a 3.7 cart is quite easy. Combined, it was obvious we needed to certify a new release for older clients who now must upgrade to 3.7 to have a PA DSS certified shopping cart. Providing choices for our customers has been a cornerstone of our business, and this is a great example of changing our direction to better serve our entire customer base.
We are excited and look forward to a summer release of 3.7 and a substantial new feature set.
Mike Auger