Online Security: CISP / PCI Compliance
CISP / PCI Compliance FAQ
What is CISP?
CISP (Cardholder Information Security Program) was originally developed by VISA in order to protect cardholders' information whenever a purchase was made. CISP requirements were later incorporated into PCI Compliance, the current industry standard for data security.
What is PCI Compliance?
PCI Compliance (short for PCI DSS Compliance, or Payment Card Industry Data Security Standard Compliance) is the current industry standard for protecting data, such as credit card numbers or other financial and personal information. VISA has outlined the basics of the PCI Compliance standards on the VISA website. You can see more details concerning PCI Compliance at the PCI Security Standards Council website.
Do I need to be PCI compliant in order to sell online?
The PCI standards require all online retailers to comply with a series of security tests to preserve their ability to process credit cards. These tests cover areas including the encryption of credit card numbers, the procedures for secure backup, and having actual auditors review the code around the commerce software itself.
How can I tell if I am PCI compliant?
Most major commercially sold e-commerce software (such as Ecwid) is designed with PCI compliance in mind. Additionally, any merchant, individual, or business that stores, transmits, or processes payment card information needs to be PCI compliant. This includes companies that only take payments over the phone and companies that use a third-party payment processing system, like PayPal. So if your website is built with credible software and/or uses a credible payment provider, there is a good chance that your website is PCI compliant.