Merchant Account Services

Ecommerce 101

Everything You Need to Know to Get Your Online Store to be Sccessful

 

Author: Jim Conners ()

Rating: 10.0

Pages: 1|2|3|4|5|6|7|8|9|10|11|12|13|14

Compliance Issues

Some of the lesser known principles of processing online payments have to do with compliance with the credit card associations' security standards. Many of the security breaches experienced, and very well publicized, recently are due to ecommerce business either ignorance or willful violations of these security practices. Although the specifications are technical in scope, they are easy to implement in practice.

Storing Credit Card Numbers and Other Sensitive Information

A common request amongst ecommerce store owners is to store customers' credit card information in their database for later processing or for record keeping. Some may even want to use it to make their customers' lives easier by implementing a quick checkout system. This is fine as long as your website meets the Payment Card Industry Data Security Standard (PCI DSS). This is a security stndard implemented and enforced by the four major credit card asociations as well as JCB. It defines what security practices must be employed by a web site if it wishes to handle and store credit card data.

The basics of the standard are:

  • You cannot store credit card numbers unless they are encrypted
  • You cannot store CVV2 numbers at any time for any reason
  • You may store expiration dates and it is recommended that you encrypt them
  • Your server must pass several security checks before you are allowed to store any credit card information at all

To learn more about PCI DSS read our article Visa's CISP Data Security Standard Explained.

Electronic Commerce Indicator

When accepting payments online Visa and MasterCard require those transactions to indicate that they originated online. This is called the Electronic Commerce Indicator (ECI). This is due to the high percentage of fraud that occurs online. This indicator helps the card associations monitor online transactions and hopeful get a grip on fraud. Transactions processed in retail location or through mail and telephone order transactions do not need to send this indicator.

The basics of ECI is fairly simple: if you process transactions that you captured through your website then you will need to use software that is ECI compliant. Basically, this means you must use a payment gateway as no credit card terminals are currently ECI compliant.

To learn more about ECI read our blog post Electronic Commerce Indicator.

Payment Gateway | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | Fraud Control