PCI DSS Certification

Just got an email from our credit card acquirer with a suggestion to pass PCI DSS certification. This certification ensures that companies handle credit card numbers safely.

Yes, you do need a special certification to handle very sensitive 20-digit numbers. And yes, it shows again how insecure credit cards really are.

The certification can be quite costly: the first level means hundreds of thousands of euros per year spent on security.

Fortunately I don’t have to do it, since our e-shop is not handling any real credit card information. Everything is managed by our Payment Service Provider, Ogone. This means that during the processing of an order we have to send the client from the URL of our e-shop to a URL of Ogone. Ogone provides a nice opportunity to keep the same look-and-feel as our e-shop, so most of the clients don’t notice anything.

This is also a disadvantage: clients who do notice the change of URL during payment for our products don’t like it, because it may look like a phishing attempt. And this is one of the most basic precautions for online shoppers – check your URL for phishing! Well, at least all our URLs are SSL-protected with valid certificates.

I’m not sure what could be a better solution for this URL-changing problem. Maybe becoming DSS compliant after all. Ogone provides a technical API for those who are compliant. So maybe, one day.

Today I’ve just sent the form with all the required information to the acquirer. Let’s wait for their reply.
