24 Jun 09
Pod1 gets audited!
This week we had an audit of our compliance with the PCI-DSS standard for the handling of payment card details. This is an important subject for serious eCommerce companies, and we’re aiming to be accredited within the next few months.
The handling of payment card details online has come under close scrutiny this year. There have been several high-profile breaches of data security, and even some of the payment service providers have been in trouble. Visa has already introduced fines for larger retailers who don’t meet the standards. In the eCommerce world, the most important standards relate to how card data is handled by a business (PCI-DSS) and how a software application handles it (PA-DSS). Most businesses need to comply with PCI-DSS, but if you have built an application that handles card data you might need to comply with PA-DSS as well.
The standards apply to a whole business, so Pod1 becoming compliant won’t be sufficient for its clients to say that they are as well. Companies need to look at their whole business from end to end. For example, there might be a call centre that takes orders over the phone. If they ever take credit card details from customers, they’ll need to get their processes and controls straight. Lots of clients have logins to payment service provider terminals (where you can manage your payments and refunds), and things like password security and logging who did what and when will all need to be considered.
We’ve recognised that this is an important issue for our clients. We’re working with our PCI Auditor, Evolution Security Systems, and our other partners to make sure we’re doing our bit. To help our clients address the issue, we’ll be organising a seminar about it very soon. If you’re a client who’s interested in attending, you should let your account manager know.








