
eTrust Pro & PCI Compliance

PCI Security Standards Council

Credit card companies are pushing really hard for websites to become PCI compliant, and for good reason. You must secure cardholder data to protect your customers' information and to meet Payment Card Industry rules.

What is PCI Compliant?

PCI compliance scanning and certification is a process to make sure your website follows the credit card industry requirements for keeping your customers' data safe and secure. Making sure your website is PCI compliant could save you from losing thousands of dollars in fines and penalties should your server get hacked.

Basic PCI Terminology:

For the full PCI glossary of terms go here.

Small merchants are prime targets for data thieves. It's your job to protect cardholder data once they submit it to your website.

If cardholder data is stolen - and it's your fault - you could incur fines, penalties, even termination of the right to accept credit cards!

According to the PCI SSC, more than 340 million computer records containing sensitive personal information have been involved in security breaches in the U.S. since 2005.[1] Now criminals are shifting their sights to small merchants because many have lax security for cardholder data. More than 80% of attacks target small merchants. If you are at fault for a security breach, business fallout can be severe:

What sensitive cardholder data do I protect?

Everything at the end of a red arrow is sensitive cardholder data. Anything on the back side and CID must never be stored. Everything else you store must be for a good business reason, and that data must be protected. PCI DSS explains how. Read more.

Credit Card Security for PCI compliance.

PCI Scanning

You can sleep better at night knowing eTrust Pro scans your website for over 28,000 known vulnerabilities, which helps to protect your site from hackers.

We also add hundreds of new vulnerabilities every month to ensure that your site is always up to date with the latest protective measures.

Do I need to be PCI Compliant?

If you do not have your own merchant account and use only PayPal, Yahoo Shopping, Google Checkout, or any other third-party payment system, chances are you do not have to worry about PCI scanning or compliance. Those payment processors are already PCI compliant.

The only time you need to worry about PCI compliance is if you have a merchant account and are storing sensitive customer data on your servers, such as credit card information.

If you are a merchant that accepts credit/debit cards, you are required to be compliant with the PCI Data Security Standard. You can find out your exact compliance requirements from your merchant account provider.

Specific compliance requirements

To learn more about PCI compliance visit the official PCI SSC website.

Want to protect yourself?