Magento PCI Compliance
If your business requires accepting credit cards, and we know that every ecommerce store does that, it must be in compliance with payment card industry (PCI) standards. Why is it necessary? In the post below, I provide an answer to this question and describe how to maintain PCI compliance for your Magento website.
Payment card industry compliance is adherence to a set of security standards related to the protection of card data during a period when a financial transaction occurs and after it has been finished. As an ecommerce merchant, you must meet the following requirements to make your website PCI compliant:
First of all, you should take care of a secure network. It means that a firewall must be configured in order to protect the card data of your customers. You must also not keep vendor-supplied defaults for system passwords and other security parameters.
The second requirement is about cardholder data protection. Stored cardholder data must be protected, and it must be encrypted during transmission across open, public networks.
Then, you should have a reliable vulnerability management program. At a minimum, keep your antivirus software up to date and develop and maintain secure systems and applications.
It is also necessary to restrict access to cardholder data. Firstly, you must assign a unique ID to everyone who has computer access to this information. Secondly, you have to limit physical access to cardholder data.
Another important thing is network monitoring. You should regularly track access to cardholder data and network resources, as well as test your security systems.
According to the last requirement, you have to maintain a policy that addresses the security of data within your ecommerce store.
For more detailed information, check
Additionally, there is a dedicated
Being PCI compliant, your ecommerce store will become a secure place for shopping. Thus, you will be able to increase your conversion rate and attract new buyers, gaining additional revenue. Take into account that there are lots of customers who will never buy goods on a website which is not in compliance with payment card industry standards. I hope now you understand the importance of the requirements described above, so let’s continue with Magento PCI compliance.
Magento PCI Compliance
Since Enterprise and Community Editions have different features, there are unique requirements for PCI implementation on each platform. Thus, you will find two separate sections below.
Enterprise Edition
Magento Secure Payment Bridge stores credit card data on its own and sends only a token to the Magento instance. The token keeps your system secure, because the payment bridge credentials alone are not enough to get access to customer card data. In case of threats related to your payment bridge, you just need to set up a new instance and obtain new credentials. Thus, credit card information will remain secure.
Although the Secure Payment Bridge application meets the above PCI requirements, it is not enough to make your Magento website absolutely secure, since the app must itself be installed in a PCI DSS compliant environment.
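To make the tokenization idea concrete, here is an added, language-neutral illustration written for this post; it is not Magento or Secure Payment Bridge code. A `TokenVault` class stands in for the PCI-scoped payment bridge (the only component that ever holds a card number), a `MerchantStore` class stands in for the Magento instance (which stores only an opaque token plus display data), and `run_scenario` walks through charging by token, checking that the merchant database contains no card numbers, and rotating the bridge credential so a copied credential stops working. The class names, the `rotate_credentials` call and the sample test card numbers are all constructed for the example.

```python
"""Illustrative tokenization flow: card numbers stay inside the vault, the shop keeps tokens."""
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample inputs: well-known test card numbers, not real cards.
SAMPLE_CARDS = ["4111111111111111", "5555555555554444"]


class VaultError(Exception):
    """Raised for bad credentials, unknown tokens or malformed card numbers."""


class TokenVault:
    """Stands in for the payment bridge: the only place a PAN (card number) is stored."""

    def __init__(self):
        self._pans = {}                      # token -> PAN, never leaves the vault
        self._api_key = secrets.token_hex(16)  # credential the shop must present

    @property
    def api_key(self):
        return self._api_key

    def rotate_credentials(self):
        """Issue a fresh credential; the previous one is rejected from now on."""
        self._api_key = secrets.token_hex(16)
        return self._api_key

    def _check(self, api_key):
        # Constant-time comparison so the check itself does not leak the key.
        if not hmac.compare_digest(api_key, self._api_key):
            raise VaultError("invalid vault credential")

    def tokenize(self, api_key, pan):
        """Store the PAN and hand back a random token plus the last four digits."""
        self._check(api_key)
        if not pan.isdigit() or not 13 <= len(pan) <= 19:
            raise VaultError("malformed PAN")
        token = "tok_" + secrets.token_urlsafe(24)  # random; not derived from the PAN
        self._pans[token] = pan
        return token, pan[-4:]

    def charge(self, api_key, token, amount_cents):
        """Resolve the token to a PAN inside the vault and 'send' it to the processor."""
        self._check(api_key)
        pan = self._pans.get(token)
        if pan is None:
            raise VaultError("unknown token")
        # A real bridge would forward PAN + amount to the card processor here.
        return {"status": "approved", "amount_cents": amount_cents, "last4": pan[-4:]}


@dataclass
class MerchantStore:
    """Stands in for the Magento instance: holds tokens and display data only."""
    vault: TokenVault
    api_key: str
    orders: list = field(default_factory=list)

    def save_card(self, pan):
        token, last4 = self.vault.tokenize(self.api_key, pan)
        self.orders.append({"token": token, "last4": last4})  # no PAN stored here
        return token

    def charge(self, token, amount_cents):
        return self.vault.charge(self.api_key, token, amount_cents)

    def pan_leak_scan(self):
        """Defender check: return any stored value that looks like a full card number."""
        return [v for order in self.orders for v in order.values()
                if v.isdigit() and 13 <= len(v) <= 19]


def run_scenario():
    """Walk through the flow and return the observations as a dict."""
    vault = TokenVault()
    shop = MerchantStore(vault, vault.api_key)
    tokens = [shop.save_card(pan) for pan in SAMPLE_CARDS]
    first_charge = shop.charge(tokens[0], 1999)["status"]

    # What a copy of the merchant database would expose: tokens and last4 only.
    leaked_pans = shop.pan_leak_scan()

    # Respond to a suspected credential exposure by rotating the bridge credential.
    old_key = shop.api_key
    shop.api_key = vault.rotate_credentials()
    try:
        vault.charge(old_key, tokens[0], 1)
        old_key_still_works = True
    except VaultError:
        old_key_still_works = False
    after_rotation = shop.charge(tokens[1], 500)["status"]

    return {
        "tokens": tokens,
        "first_charge": first_charge,
        "leaked_pans": leaked_pans,
        "old_key_still_works": old_key_still_works,
        "after_rotation": after_rotation,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The point of the scan is the same one the post makes: if the merchant side never receives a card number, a compromise of the Magento database or of the bridge credential alone does not expose cardholder data, and the credential can be replaced without touching the cards already tokenized.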
Community Edition
Unfortunately, Secure Payment Bridge is not compatible with Magento Community Edition. But there are several ways to make your Magento website PCI compliant.
Bear in mind that Magento CE is regarded as PCI compliant as long as you aren’t storing credit card data, since there are no requirements for the encryption of other information. Thus, to make your Community Edition store compliant, you should eliminate the handling of sensitive card information within your website by redirecting customers to third-party payment platforms.
The second method requires using PCI compliant gateways, such as PayPal or Authorize.net. Check our list of payment gateways here: The Best Payment Gateways for Modern eCommerce. There are lots of PCI compliant solutions described in the post.