CoreCommerce is PCI Compliant!

Annually we undergo an audit and renew our PCI-DSS validation  You can download the attestation of compliance Corecommerce AOC. With our hosted solution, we reduce the burden for our clients with their respective credit card processors.

The Long Road to PCI Compliance

Becoming PCI-DSS compliant is both time consuming and very expensive. It requires a third-party auditor that is certified by Visa/MasterCard to review both our physical security, as well as perform penetration testing on the software itself to ensure hackers can’t exploit vulnerabilities to gain access to sensitive credit card information. Depending on the type of problems the auditor finds, it can take 3-9 months to pass the rigorous guidelines that are set forth by the PCI Security Standards Council.

Here Are The Basics:

  1. Install and maintain a firewall configuration to protect data
  2. Do not use vendor-supported defaults for system passwords and other security parameters
  3. Protect stored data
  4. Encrypt transmission of cardholder data and sensitive information across public networks
  5. Use and regularly update antivirus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

Huge Fines For Non-Compliance

High-status cases concerning big corporations have hit the headlines in the last couple of years. The Payment Card Industry has threatened huge fines against some larger merchants of up to $25,000 per month until compliance is obtained. Currently only a few select shopping cart providers are PCI-DSS Compliant.

Merchants That Are Not PCI Compliant Can Face:

  • Lawsuits
  • Up to $25,000 in monthly fines
  • Up to $500,000 in fines if data is stolen
  • Cancellation of their Visa/MasterCard accounts
  • Inability to accept credit card payments from customers

The Good News?

CoreCommerce is PCI compliant, you can download the paperwork you need to submit to your credit card processor here.