Magento PCI Compliance


If your business accepts credit cards, and every ecommerce store does, it must comply with the Payment Card Industry Data Security Standard (PCI DSS). Why is that necessary? In the post below I answer this question and describe how to keep your Magento website PCI compliant.

PCI compliance means adhering to a set of security standards that protect cardholder data while a payment transaction is being processed and afterwards, for as long as the data is stored. As an ecommerce merchant, you must meet the following six requirements (the control objectives of PCI DSS) to make your website PCI compliant:

First, build and maintain a secure network. Install and maintain a firewall configuration that protects your customers' cardholder data, and never keep vendor-supplied defaults for system passwords and other security parameters; change them before a system goes live.

The second requirement is cardholder data protection. Stored cardholder data must be protected, sensitive authentication data (such as the CVV) must never be stored after authorization, and cardholder data must be encrypted whenever it is transmitted across open, public networks.

Third, maintain a vulnerability management program. At a minimum, keep anti-virus software up to date, apply security patches promptly, and develop and use only secure systems and applications, which includes the Magento extensions you install.

Fourth, implement strong access control. Restrict access to cardholder data to the people with a business need to know, assign a unique ID to everyone who has computer access to this information, and restrict physical access to cardholder data.

Fifth, regularly monitor and test networks. Track and monitor all access to network resources and cardholder data, and regularly test your security systems and processes.

Finally, maintain an information security policy that addresses how everyone involved with your ecommerce store handles cardholder data.

For more detailed information, check the official source of PCI security standards, the PCI Security Standards Council website. It offers documents aimed at every kind of business activity: there are sections for merchants, financial institutions, hardware and software developers, and industry professionals.

Magento PCI security standards

Additionally, there is a dedicated payment card industry compliance guide. The website offers the latest news from the world of PCI standards, and you can find useful tips and instructive use cases there, as well as ask questions.

Being PCI compliant makes your ecommerce store a secure place to shop. That lets you increase your conversion rate and attract new buyers, gaining additional revenue. Take into account that many customers will never buy goods on a website that is not in compliance with payment card industry standards. I hope the importance of the requirements described above is now clear, so let's continue with Magento PCI compliance.

Magento PCI Compliance

Since Enterprise and Community Editions have different features, there are different ways to implement PCI compliance on each platform. Thus, you will find two separate sections below.

Enterprise Edition

Magento Secure Payment Bridge is the easiest way to make a Magento Enterprise website PCI compliant. It is a separate, PA-DSS validated application that runs apart from the Enterprise platform, so the whole website does not have to be validated; you can update your ecommerce store without affecting the compliance of the Bridge.

How to make a Magento website PCI compliant

The Bridge stores the credit card data itself and hands the Magento instance only a token. The token is a random reference that reveals nothing about the card, and the Magento database never holds a card number, so the credentials Magento uses to talk to the Bridge are not enough to reach customer card data. If your payment bridge is threatened, you set up a new Bridge instance and issue new credentials; the credit card information stays protected.

Although the Secure Payment Bridge meets the PCI requirements above, it does not by itself make your Magento website compliant: the application must be installed in a PCI DSS compliant environment, and the rest of the store still has to meet the requirements that apply to it.

Community Edition

Unfortunately, Secure Payment Bridge is not available for Magento Community Edition, but there are still ways to make a CE website PCI compliant.

Bear in mind that Magento CE can be treated as PCI compliant as long as you never store, process or transmit card data on your own servers, since the strict storage and encryption requirements apply only to cardholder data. The first method, therefore, is to keep card data off your Community Edition store entirely by redirecting customers to a third-party hosted payment page. This does not remove your PCI obligations, but it shrinks your scope to the shortest self-assessment questionnaire (SAQ A) instead of the full standard.

The second method is to use a PCI compliant gateway such as PayPal or Authorize.net. What matters is that card details go straight from the customer's browser to the gateway (hosted or iframe payment forms) and never pass through your Magento server; an integration that posts the card number to Magento before forwarding it puts your server back in scope. Check our list of payment gateways here: The Best Payment Gateways for Modern eCommerce. There are lots of PCI compliant solutions described in the post.
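Both the tokenization model described for the Secure Payment Bridge above and the "never store card data" rule for Community Edition come down to one check: the only card-related things the Magento side should ever hold are a token and a masked number. The Python below is an added example written for this post, not Magento or Secure Payment Bridge code. The TokenVault class is a toy stand-in for a token vault, the log lines are constructed, and 4111 1111 1111 1111 and 5500 0000 0000 0004 are the standard Visa and Mastercard test numbers. It tokenizes a card, shows that the merchant-side order record contains no card number, rotates the vault credential so the old one stops working, and scans a log for raw card numbers using a Luhn check so that order numbers and totals are not flagged.

```python
import re
import secrets


# Shared helper: the Luhn check validates a PAN before it is tokenized and
# rejects number-like noise (order IDs, totals) when scanning logs.
def luhn_valid(digits: str) -> bool:
    """True when `digits` is 13-19 numeric characters with a valid Luhn checksum."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Render a PAN the way PCI DSS allows it to be displayed: first six, last four."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Toy stand-in for the Secure Payment Bridge: the only component that holds a PAN.

    Tokens are random, so nothing about the card can be recovered from a token
    alone; getting the PAN back needs the vault's own credential, which can be
    rotated if the bridge is compromised.
    """

    def __init__(self) -> None:
        self._pans: dict[str, str] = {}
        self._credential = secrets.token_hex(16)

    @property
    def credential(self) -> str:
        return self._credential

    def rotate_credential(self) -> str:
        self._credential = secrets.token_hex(16)
        return self._credential

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a plausible PAN")
        token = "tok_" + secrets.token_urlsafe(16)  # random reference, not derived from the PAN
        self._pans[token] = pan
        return token

    def detokenize(self, token: str, credential: str) -> str:
        if not secrets.compare_digest(credential, self._credential):
            raise PermissionError("vault credential rejected")
        return self._pans[token]


def checkout(vault: TokenVault, pan: str, amount: str) -> dict:
    """What the Magento side is allowed to keep: a token, a masked PAN and the amount."""
    return {"token": vault.tokenize(pan), "card": mask_pan(pan), "amount": amount}


# Scanner: does a log line, DB dump or order record contain a raw PAN?
_PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def find_pans(text: str) -> list[str]:
    """Return every Luhn-valid 13-19 digit run (spaces/dashes allowed) found in `text`."""
    hits = []
    for m in _PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def record_is_clean(record: dict) -> bool:
    """True when no field of a merchant-side record contains a raw PAN."""
    return not find_pans(" ".join(str(v) for v in record.values()))


# Constructed sample log (not from a real store). Line 2 is the kind of debug
# output that silently puts a CE store back into full PCI scope.
SAMPLE_LOG = """\
2015-03-02 10:14:07 checkout: order 100000042 paid, card 411111******1111
2015-03-02 10:15:33 debug: cc_number=4111 1111 1111 1111 exp=12/19
2015-03-02 10:16:01 order 100000043 total=1234567890123 customer_id=98765
"""

if __name__ == "__main__":
    vault = TokenVault()
    order = checkout(vault, "4111111111111111", "19.99")
    print("merchant record:", order, "clean:", record_is_clean(order))
    print("PANs leaked in log:", find_pans(SAMPLE_LOG))
```

Running it prints an order record whose only card field is 411111******1111 plus a tok_ reference, reports the record as clean, and flags exactly one PAN in the log: the 16-digit number in the debug line. The 13-digit order total on the last line looks like a card number to the regex but fails the Luhn check, which is why the scanner combines both tests. Point find_pans at a Magento var/log directory or a database dump and anything it returns means card data is being stored on your server.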