PCI Compliance is No Longer Optional for Small Businesses
If you accept major credit cards (Visa, MasterCard, Discover, American Express), you are now required by the Payment Card Industry Security Standards Council to become compliant with the Payment Card Industry Data Security Standards (PCI DSS).
The SiteLock PCI Compliance tool is a quick and simple online process that guides you through every step. We save you time and money, and we ensure that you have the right level of security for your online business.
Please see the Nanghost PCI DSS Compliance Policy below.
What is PCI?
PCI is a security requirement created by the major credit card brands (Visa, Mastercard, Discover, American Express) in an attempt to reduce fraud and bring all companies who take credit cards up to a minimum level of security. The PCI DSS Standard was designed as a single security approach to protect credit card data in transit, at rest and in storage on servers, networks and the Internet. PCI DSS is a mandatory standard based on a set of 5 main categories with 12 requirements containing 200 security control measures that a company must adopt into their business practices in order to accept credit card payments. The requirements provide that additional security layers and measures are placed within the areas where credit card information is handled so that it remains safe and risk of fraudulent activity is reduced.
At Nanghost, we provide you with the foundation you need through our website security scanning technology to make sure that your data or website is not vulnerable to the many threats in the online world, such as malware and other dangerous attacks. The addition of PCI compliance and PCI scanning takes your business to the next level of security that is required if you accept credit cards as a form of payment. Nanghost now offers PCI Compliance as an add-on to your website scanning plan, with prices ranging from $35 to $120 per year based on the complexity of your website.
What Does PCI Compliance Do for Your Business?
As a business with a website, you are exposed to a great deal of risk. This includes risks from hackers trying to steal your customers' data and credit card information, to the insertion of malware and other malicious code that can literally bring your website down. When you are PCI compliant and have SiteLock website security in place, it's like having online business insurance and an alarm system for your website. You gain the peace of mind that you are keeping your business secure and your customer data safe. You also increase the level of trust among potential customers. When you are PCI compliant, they see that you are protecting their credit card information in accordance with the industry regulations and standards.
What Can Happen if You Don't Comply with PCI?
The penalties for not complying with the PCI regulations can be very costly. If your company ever has credit card records stolen and your business is not PCI compliant, you are subject to fines from the card brands that can exceed $100,000. Your merchant service provider will also likely charge a monthly fee for each month you are not compliant. In the very worst cases, the credit card brands could take away your ability to accept credit cards, which would cripple most small or midsize businesses.
Why Do You Need PCI Compliance if You Use an External Payment Processor?
PCI compliance applies to anyone who takes a credit card, even if you only process one transaction per year. Utilizing a third-party processor reduces your risk exposure, but your company is ultimately held accountable for the business practices and security procedures required by PCI.
PCI for small merchants requires a self-assessment questionnaire (SAQ) that cannot be completed by your payment company, your merchant service provider or anyone else. Even if all of the vendors you are using are PCI compliant, and even if you are redirecting payments to a third-party provider, all merchants are required to go through, at a minimum, one SAQ per year.
While having new technology like encrypted or tokenized credit card data is definitely a great step up in security, you are still required to go through the SAQ and scan your terminal to identify any potential weaknesses in your network. The good news is that by using this advanced technology, you will have an easier, faster time completing the questionnaire than someone who hasn't taken the extra security steps.
Why Should I Use SiteLock to Get PCI Compliant?
By using the SiteLock PCI compliance program, you are guided through a quick, straightforward path to complete the required self-assessment questionnaire (SAQ) by answering the fewest number of questions possible in an easy-to-use online tool. While you can fill out an SAQ directly from the PCI website, the questions can be very difficult to comprehend and decipher. The questions in the SiteLock PCI system are written to be easy for business owners to understand, so you don't have to be an accountant or engineer to get through them.
The SiteLock PCI Compliance process is broken down into four simple steps. We'll guide you through each one of them at a pace you are comfortable with, in a way that doesn't take a lot of time. Depending on your situation, it can take as little as 10 minutes to complete the questions. Once you are finished and compliant, you will be able to download a site seal that will show your customers that you care about protecting their personal information.
If you are an e-commerce merchant you will also have to go through a quarterly external scan as part of the requirement. The SiteLock tool will quickly identify if this is a requirement for your business and we'll provide the scanning as well, if you need it.
NANGHOST PCI DSS COMPLIANCE POLICY
At Nanghost, we take the security of our customers' credit card data seriously and have taken extra measures to adhere to the PCI DSS Standards. The Nanghost team not only implemented the PCI DSS standards into our operating procedures, we also directed all credit card data to our trusted merchant processor Authorize.Net, utilizing their Payment Gateway, which is a Fully Compliant, PCI Level 1 Certified Payment Gateway solution. The Authorize.Net gateway is also a Trusted Commerce merchant.
As a customer during the shopping checkout process with Nanghost, your credit card information is collected within our billing system and securely transmitted to the Authorize.Net gateway without ever leaving the Nanghost site. Nanghost will only store the last four digits of your credit card within the billing system, and all remaining credit card information is stored directly in the Authorize.Net gateway Website Payment Processing secure server where it is safely held.
NANGHOST VALIDATED BY SITELOCK
Nanghost has taken the extraordinary step of protecting your credit card data and has conformed to the PCI requirements regarding the handling of credit cards within our payment processing system. In addition, Nanghost is regularly scanned for PCI compliance by SiteLock to ensure our systems are continually in compliance. You may click on the SiteLock logo below to find out more about this process.