PCI Compliance – 12 steps to protecting customer credit card information
Payment Card Industry (PCI) Data Security Standard (DSS) compliance, otherwise known as PCI DSS compliance, requires all shopping cart owners who accept credit card payments to adopt strict security policies and procedures, including these 12 steps:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
PCI DSS compliance applies to ALL businesses/merchants, irrespective of business size or number of transactions, that accept, transmit or store any credit card information/data. PCI DSS is for the protection of any customer who pays the merchant directly using a credit or debit card, whether online, over the phone or via completion of a faxed form. Noncompliance may now result in fines and penalties to the merchant.
For more information, please visit: https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf
If you would like to become more educated on PCI DSS compliance and its relevance to the eCommerce industry, click here to view a list of Recommended Reading.