Reducing PCI Scope for Your eCommerce Site

Security breach – two dreaded words that no merchant wants to hear. A breach can be devastating for everyone involved. “Each card number stolen can cost a business from $150 to $250. These costs appear in the form of legal settlements, fees for consultants hired to remove malware, and personnel hours spent notifying customers.” (Source: April 2013, Ponemon Institute, “2011 Cost of Data Breach: United States”). Unfortunately, with the number of payment transactions traveling over the web every day, ecommerce remains a constant target. Although nothing is fail-safe against this fraudulent activity, following the guidelines set forth by PCI DSS (Payment Card Industry Data Security Standard) can reduce your risk of being compromised. Read on for BluePay’s top three recommendations for PCI compliance.
1) Secure Data Storage
Long story short, it is never a wise decision to store your customers’ sensitive payment data on unprotected devices such as PCs, laptops, tablets, or phones. Not only can they be easily tampered with or stolen, but the servers over which payment information is transmitted may not have the highest security standards. Verify that your payment processor uses tokenization technology. This is the process of substituting a customer’s PAN (Primary Account Number) with a “token” – information that is useless to a hacker. You, as the merchant, then store only the token in your system, which drastically reduces your PCI scope and compliance fees.
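The tokenization flow described above, together with a check that merchant-side records really hold no card numbers, as an added example that is not BluePay's or OpenCart's code. The `ProcessorVault` class, the function names, the `tok_` token format and the sample record layout are all hypothetical.

```python
import re
import secrets

# Candidate PANs: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum that payment card numbers must satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class ProcessorVault:
    """Hypothetical stand-in for the processor: the only place PANs live."""

    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        digits = re.sub(r"\D", "", pan)
        if not (13 <= len(digits) <= 19 and luhn_valid(digits)):
            raise ValueError("not a valid card number")
        # Random token: it cannot be reversed to the PAN without the vault.
        token = "tok_" + secrets.token_hex(16)
        self._pan_by_token[token] = digits
        return token


def merchant_order_record(vault: ProcessorVault, order_id: str, pan: str) -> str:
    """What the merchant persists: the token and the last four digits only."""
    last4 = re.sub(r"\D", "", pan)[-4:]
    return f"order={order_id} token={vault.tokenize(pan)} last4={last4}"


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid card numbers found in stored text or log lines."""
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits
```

Running `find_pans` over database exports and application logs is a quick way to confirm that only tokens, not PANs, have ended up in merchant systems.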
2) Safe Payment Transmission
Do you have an SSL Certificate? If you have to ask what it means, then chances are you don’t. An SSL (Secure Sockets Layer) certificate enables a website to transmit private data online through a secure connection. If you don’t have an SSL certificate, a way around this would be to use a secure hosted payment page or iframe on your ecommerce site. The page or iframe has the same look and feel as your site, but all information entered into it is actually transmitted to a secure third-party payment processor. The customer’s sensitive payment information never touches your server, which reduces your PCI scope.
3) Reliable Payment Processing
There are many different components to the payment process. A typical ecommerce transaction flow looks like this: Merchant Website > Online Payment Page > Gateway > Processor > Bank. To maintain PCI standards, every business accepting payments must complete an annual SAQ (Self-Assessment Questionnaire). Are you PCI DSS compliant?
These are just a few recommendations from BluePay. To see the official guidelines, please visit the PCI Security Standards website.
Simple, fast ecommerce credit card processing tailored to your business – BluePay makes it possible. With the simple click of a button, BluePay’s payment processing technology can be seamlessly integrated into your ecommerce site. All new OpenCart merchants signing up with BluePay will enjoy a FREE GATEWAY and NO ANNUAL PCI FEES for 12 months. Click below to begin saving!
This blog post has been sponsored by BluePay. 
Please note that whilst OpenCart recommends BluePay, all views and opinions in this blog post belong to BluePay and are not those of OpenCart. OpenCart is not responsible for any opinions or claims made in this blog post.