May 13, 2013 — Online Training Software
Are You PCI Compliant?
Maybe you’ve heard the phrase PCI Compliant before, but don’t really know what it is, it’s importance, or why it is crucial to your online learning business. If you sell courses online, you will need to be PCI compliant, and many content management system plug-ins do not help you achieve that. However, many learning management systems, such as DigitalChalk, have gone to great lengths to make their system PCI compliant.
PCI is a set of security standards that help protect the card holder’s information when making an online purchase. When selling courses online, you need to be aware of and follow the Payment Card Industry (PCI) standards.This will keep you out of trouble by protecting the payment information of people buying your courses.
There are 6 categories of PCI compliance security standards:
- Build and maintain a secure network. Install and maintain a firewall configuration to protect cardholder data. Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect cardholder data. Protect stored cardholder data and encrypt transmission of cardholder data across open, public networks.
- Maintain a vulnerability management program. Use and regularly update anti-virus software. Develop and maintain secure systems and applications.
- Implement strong access control measures. Restrict access to cardholder data by business need-to-know. Assign a unique ID to each person with computer access. Restrict physical access to cardholder data.
- Regularly monitor and test networks. Track and monitor all access to network resources and cardholder data. Regularly test security systems and processes.
- Maintain an information security policy. Maintain a policy that addresses information security.
Are you wondering if this applies to you?
PCI Compliance applies to anyone with a business where customers make a purchase using a credit card (including PayPal, Google Checkout, etc.) – regardless of the number of customers making a purchase.
What are the dangers of not being PCI compliant?
You could face a hefty fine anywhere from $5,000-$100,000 per month if you are caught violating any PCI standards. Though PCI is not a law, major card companies can choose to fine merchants for not following certain PCI standards.
And remember, being PCI compliant is not a one-time occurrence; it is a continual effort to make sure you are creating a safe environment for you and your customers.
Need more information? Head over to the PCI FAQ page.