Non-compliance is just as costly as a breach, after which you are required to assess against the Level 1 standard for the next year, including an on-site audit.
BigCommerce’s Cardholder Data Environment is PCI DSS 3.1 Level 1 certified as both a Merchant and a Service Provider.
How can we be sure that these online service providers, who so readily accept and retain our credit card information, are taking the appropriate measures to secure it?
Jasper Studios provides ecommerce development services to omnichannel retailers both large and small and, as such, we have seen every kind of credit card storage transgression imaginable.
We’ve witnessed cardholder data stored in plain text files, without any encryption or even basic obfuscation, on a dusty PC dating back to the late 1990s under the CFO’s desk –– all freshly captured from an insecure payment gateway in a homegrown ecommerce platform. Fortunately, this isn’t a practice most organizations engage in, and where it does occur it is typically the result of unintentional ignorance on the subject.
Preventing exactly this is the purpose of PCI DSS –– and every retailer is required to comply.
Depending on the ecommerce technology and backend a retailer uses, and on how its payment systems are architected, PCI compliant hosting can be an easy check on the long list of things retailers need to do to ensure their customers transact securely, or it can be a big pain –– costing ample time, resources and money.