It’s official – BigCommerce is now PCI compliant. We’ve completed thousands of changes that have taken thousands of man hours. We have the signed Attestation of Compliance and have worked with our assessing company for more than 12 months now to make this happen. It’s a great day for all of us and we’re proud to be one of the very few hosted shopping cart platforms that is PCI compliant.

Below I’ve included answers to some common questions around PCI compliance as well as some of the hilarious photos sent around by our team when we announced our PCI compliance earlier today.

Thanks for your patience over the last year. PCI compliance is definitely the most challenging project we’ve every under taken and I’m proud of how our team came together to get the job done.

What Is PCI Compliance?

According to Wikipedia…

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.

Validation of compliance can be performed either internally or externally, depending on the volume of card transactions the organization is handling, but regardless of the size of the organization, compliance must be assessed annually. Organizations handling large volumes of transactions must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while companies handling smaller volumes have the option of demonstrating compliance via a Self-Assessment Questionnaire (SAQ). In some regions these SAQs still require signoff by a QSA for submission.

What Does This Mean For Existing Clients?

As an existing BigCommerce client it simply means that the security around our data center and software is certified as rock solid. There are no changes you need to make and your store is PCI compliant.

How Can I Prove To My Bank You’re PCI Compliant?

Your bank will require a copy of our Attestation of Compliance which you can download as a PDF. Simply email this document to your bank. That’s all you need to do. BigCommerce will appear in Visa’s list of PCI compliant solutions in the next 3-4 weeks.

What About PA-DSS Compliance?

Because BigCommerce is an application developed by us and hosted on our PCI compliant network, it is not required to be PA-DSS compliant.

PCI Compliance Celebratory Photos – BigCommerce Style

It’s been a long road to PCI compliance, so what better way to celebrate than with randomly hilarious photos created by the team and sent to everyone in the company via email?

… and finally, our PCI hero Rod:

Happy new year everyone.

Over the weekend, we made BigCommerce 6.1.3 available as an opt-in upgrade. This build is our first release for 2011, and primarily comprises of bug fixes (with some enhancements). I’ll cover some of the release highlights below.

eBay improvements

This build contains a number of eBay fixes, which include product listing improvements, shipping / order workflow issues, and redirection loops.

Product pricing

We’ve spend some time reviewing and tweaking the way we calculate the final pricing, resulting in some edge cases being resolved.

Displaying product category information

Some of our customers have large lists of product categories, which means longer downloading and rendering times (an in some cases IE crashes) – so we’ve worked on a number of enhancements in this release to reduce this impact. These new efficiencies in product categories will now present a top level view, fetching new data as you request it – rather than displaying all information as the page loads.

USPS

The BigCommerce USPS module now uses the new version of their API. This is good news for BigCommerce because we can better extend this module in the future!

Google Base importer

The Google Base importer has been audited and we’ve managed to improve the performance, saving you time.

Template browser timeouts (Design mode)

One of the more recent pain points has been with the 15 minute timeouts – whilst we need to have the session limitations for PCI compliance, we have found a couple of places where the timeout hasn’t been working as expected. This build sees better session activity management when using the template browser in design mode.

Security fixes

We’re security focused, and invest heavily in the discipline. Needless to say there are some security updates we’ve made to this version of BigCommerce.

Full list of changes in 6.1.3

As you may know, we’re giving away free limited edition t-shirts. And we’re giving them away in batches of 50, 100 or 200. So far we’ve given away 857 t-shirts, and the average batch of t-shirts is claimed in a crazy 12 minutes.

The links to claim the final 143 t-shirts are shown below. First in, best dressed (literally). Limit of one t-shirt per person.

Please note: If you click a link, fill in the form and see an error or are asked for a coupon then that t-shirt has already been claimed so you should click on another link.

(Links removed – all t-shirts have been claimed)

I’m happy to announce that as of this week we’ve finalized a partnership with oDesk, the leading freelance marketplace for businesses who need help with design, development and/or marketing. The new BigCommerce group on oDesk is up and running and at the moment we’re calling on designers, developers and marketers who  have experience with BigCommerce to join the group.

Why join our oDesk group?

1. You can bid on design, development and marketing jobs from our 10,000+ clients
2. We’re planning to promote the group heavily (we already link to it on our design services page)
3. It’s one of only two places where we feature 3rd party designers, developers and marketers

Designers/developers/marketers:

Join the BigCommerce group on oDesk (here’s how).

Benefits for BigCommerce clients

If you’re a BigCommerce client and need help with any aspects of BigCommerce such as design, custom development, SEO, SEM, marketing, etc, then you now have two options.

The first is our design partners. They’re experts at working with BigCommerce and can complete your design project from start to finish.

The second of course is our new oDesk group. If you have a small job or want help with search engine optimization, marketing, copywriting, etc then you can post a job request and freelancers will apply to complete the work for you. You can check their work history, skills, reviews and more. It’s a great way to pay by the hour for talented freelancers who are located all over the world.

Why oDesk?

We chose to partner with oDesk because we use them ourselves (and have for a few years). In 2011 there’s no reason to hire a huge army of staff if you don’t need to, and the beauty of oDesk is that you bring on people only when you need them. You can do pay by the hour or even set a fixed price on a job.

Think about all of the talent you can find to help with your search engine optimization, store and banner ad design, customer service reps, cold-calling sales people, Google Analytics and more. The possibilities really are endless.

Update: We forgot to set the right permissions on the Google form in the link below. If you were getting an error when you click then link then that’s now been fixed. Apologies for the confusion.

We’re currently in the early stages of planning a full-on expansion of the BigCommerce API which lets you programatically integrate BigCommerce with 3rd party applications such as order management or accounting software so they can share data with each other. Of course we currently have an API, however we’ll be expanding its functionality and scope significantly this year.

If any of these sound like you:

• You want to integrate your store with a 3rd party application via API
• You’re a developer who wants to integrate with BigCommerce via our API
• You can’t use BigCommerce because it doesn’t integrate with your favorite 3rd party application via API
• You’re stuck on a competing platform because you can’t easily import your stuff via API

… then please fill in this form to tell us how you’d use our API in an ideal world. All feedback is read and we really appreciate you taking the time to share your thoughts with us. Listening to our clients is one way we improve BigCommerce so please take this chance to share your thoughts.