Minnesota First State to Make PCI Compliance Law
Not being PCI compliant in the state of Minnesota will now cost you more than your merchant account. Last week the state passed a law that made PCI compliance virtually mandatory for online merchants. The law itself does not directly reference the PCI standards outlined by the major credit card issuers (Visa, MasterCard, American Express, etc.), but it is clearly modeled after their standards.
It is important to note that this law only affects merchants in the state of Minnesota who handle credit card information. The merchants most affected are the ones who store credit card information on the web server, although the law does extend to other areas as well. Ecommerce sites that do not store their customers' credit card information will find compliance easy to accomplish, assuming common best practices are used (SSL, etc.). Also, the law is slightly different than the PCI Data Security Standard, and being compliant with Minnesota’s law does not mean merchants can ignore the PCI Data Security Standard.
Texas is also considering implementing a similar law, and it should be passed shortly.