Is it legal to capture credit card info on my website then process it manually through my retail store card machine?
The answer is NO! Collecting credit card numbers on your website and then running them through your retail store machine not only exposes your customers to possible identity theft, it is also illegal. If you want to collect credit card numbers on your website, you need to be PCI compliant.
What does PCI Compliant mean and how did it originate?
In a nutshell, it means that your website transactions need to be processed through a third party such as PayPal or Authorize.Net, so that the card numbers never have to be collected and stored by your own website.
The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to provide a guideline for cardholder data security and implement consistent data security measures globally.
PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. The standard applies to all entities involved in payment card processing; this includes merchants, processors, acquirers, issuers, and service providers, as well as anyone that stores, processes, or transmits cardholder data.
Here is a high-level overview of the PCI Data Security Standard:
- Use a secure network
- Protect all cardholder data
- Track all software updates and stay current
- Have strong access control measures
- Monitor and track network access
- Institute and enforce an information security policy
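A practical first step toward "protect all cardholder data" is to confirm that card numbers are not quietly landing in your own systems (checkout form posts, web server logs, support tickets) when they should have gone straight to the third-party processor. The following is an added example, not code from the original post: it scans constructed sample log lines for sequences that look like a primary account number (PAN), confirms each candidate with the Luhn check digit so that order numbers and other long digit strings are not flagged, and masks any real hit to the common first-six/last-four truncation pattern so the finding can be reported without re-exposing the card number. The sample records and the regular expression are assumptions made for this illustration.

```python
import re

# Constructed sample records for this example: the kind of lines a web application
# would log if its checkout form posted card data to the merchant's own server,
# which is exactly what the post says not to do.
SAMPLE_RECORDS = [
    "POST /checkout name=Alice&card=4111111111111111&exp=12/27",
    "POST /checkout name=Bob&card=4111-1111-1111-1112&exp=01/26",   # fails Luhn: typo, not a PAN
    "POST /checkout name=Carol&card=5555 5555 5555 4444&exp=03/28",  # spaces between groups
    "order_id=1234567890123456 status=shipped",                      # 16 digits, fails Luhn
    "GET /products?page=2",
]

# 13 to 19 digits, optionally separated by single spaces or dashes, not embedded
# in a longer run of digits. This is an assumed pattern for the example.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _strip_separators(candidate):
    return re.sub(r"[ -]", "", candidate)


def find_pans(text):
    """Return the digit strings in text that look like a PAN and pass Luhn."""
    found = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = _strip_separators(match.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def mask_pan(digits):
    """Keep the first six and last four digits, mask everything in between."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact(text):
    """Replace every Luhn-valid PAN in text with its masked form; leave other digits alone."""
    def _sub(match):
        digits = _strip_separators(match.group())
        return mask_pan(digits) if luhn_valid(digits) else match.group()
    return PAN_CANDIDATE.sub(_sub, text)


def scan_records(records):
    """Return (record_index, masked_pan) for every record that contains cardholder data."""
    hits = []
    for index, record in enumerate(records):
        for pan in find_pans(record):
            hits.append((index, mask_pan(pan)))
    return hits


if __name__ == "__main__":
    for index, masked in scan_records(SAMPLE_RECORDS):
        print(f"record {index}: cardholder data found, masked PAN {masked}")
    for record in SAMPLE_RECORDS:
        print(redact(record))
```

Running the script reports records 0 and 2 as containing cardholder data and prints all five lines with the two real card numbers masked. Pointing `scan_records` at your actual web server or application logs (one line per record) is a quick way to verify that the checkout integration really does keep card numbers off your own servers; any hit means card data is being stored where PCI DSS says it should not be.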
In the next post we will discuss what each of the standards above means and how they can help us, as well as how to easily set up a PCI compliant website and shopping cart.