This guest blog comes to us from Spark::red, a featured member of the SoftLayer Technology Partners Marketplace. Spark::red is a global PCI Level 1 compliant hosting provider specializing in Oracle ATG Commerce. With full redundancy at every layer, powerful servers, and knowledgeable architects, Spark::red delivers exceptional environments in weeks instead of months. In this video we talk to Spark::red co-founder Devon Hillard about what Spark::red does, how they help companies that are outgrowing current solutions, and why they chose SoftLayer.
Tech Partners Marketplace: http://www.softlayer.com/marketplace/sparkred
The Three Most Common PCI Compliance Myths
As a hosting provider that specializes in Oracle ATG Commerce, Spark::red has extensive experience and expertise when it comes to the Payment Card Industry Data Security Standards (PCI DSS). If you’re not familiar with PCI DSS, they are standards imposed on companies that process payment data, and they are designed to protect the company and its customers.
We’ve been helping online businesses maintain PCI Compliance for several years now, and in that time, we’ve encountered a great deal of confusion and misinformation when it comes to compliance. Despite numerous documents and articles available on this topic, we’ve found that three myths seem to persist when it comes to PCI DSS compliance. Consider us the PCI DSS compliance mythbusters.
Myth 1: Only large enterprise-level businesses are required to be PCI Compliant.
According to PCI DSS, every company involved in payment card processing, online or offline, should be PCI Compliant. The list of those companies includes e-commerce businesses of all sizes, banks and web hosting providers. It’s important to note that I said “should be PCI Compliant” here. There is no federal law that makes PCI compliance a legal requirement. However, a business IS technically required to be PCI compliant in order to take and process Visa or MasterCard payments. Failure to operate in compliance with PCI DSS could mean huge fees if you’re found in violation after a breach.
Payment card data security is the most significant concern for cardholders, and it should be a priority for your business, whether you have two hundred customers or two million customers. If you’re processing ANY credit card payments, you should make sure you are PCI-compliant.
There are four levels of PCI compliance based on the number of credit card transactions your business processes a year, so the PCI compliance process is going to look different for small, medium-sized and large businesses. Visit the PCI Security Standards Council website to check which level of PCI compliance your business needs.
Myth 1: Busted.