Selling online requires a combination of the following elements: effective internet marketing, a clear purchasing route through a professional website, secure credit card transactions, evaluating stock & ensuring distribution are all complex tasks to coordinate for both small and large organisations.
Most importantly, the regulations surrounding financial exchanges online are constantly changing, and this is of course a big responsibility for any company looking for online sales success.
Since September 2009, every online merchant dealing with credit card details, whether via an integrated payment system or external payment facility, is required to meet certain security standards as set out by the PCI SSC and complete a self-assessment questionnaire, so anyone who hasn’t yet looked into their own requirements could be facing possible fines and/or prosecution.
Internet-based merchants at each PCI Compliance level must undergo a quarterly vulnerability scan performed by an approved scanning vendor. Though some PCI Compliance Level 1 internet-based merchants may be able to perform annual self-assessments (with the permission of their processor and card brand), the vast majority of internet-based merchants will be held to these PCI Compliance expectations.
PCI Compliance Level 1
Merchants process more than six million transactions per year. Level 1 merchants must complete an annual on-site PCI security assessment, performed by a qualified security assessor, or QSA.
PCI Compliance Level 2
Merchants process between one million and six million transactions per year.
PCI Compliance Level 3
Merchants processing between 20,000 and one million transactions per year.
PCI Compliance Level 4
Merchants processing up to one million transactions per year.
These guidelines have been put in place to provide your customers with data security. If in doubt about your business categorisation it is recommended that a professional assessment body is consulted to assist you further when deciding whether you need to take any further steps.