It’s official – BigCommerce is now PCI compliant. We’ve completed thousands of changes that have taken thousands of man hours. We have the signed Attestation of Compliance and have worked with our assessing company for more than 12 months now to make this happen. It’s a great day for all of us and we’re proud to be one of the very few hosted shopping cart platforms that are PCI compliant.
Below I’ve included answers to some common questions around PCI compliance as well as some of the hilarious photos sent around by our team when we announced our PCI compliance earlier today.
Thanks for your patience over the last year. PCI compliance is definitely the most challenging project we’ve ever undertaken, and I’m proud of how our team came together to get the job done.
What Is PCI Compliance?
According to Wikipedia…
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.
Validation of compliance can be performed either internally or externally, depending on the volume of card transactions the organization is handling, but regardless of the size of the organization, compliance must be assessed annually. Organizations handling large volumes of transactions must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while companies handling smaller volumes have the option of demonstrating compliance via a Self-Assessment Questionnaire (SAQ). In some regions these SAQs still require signoff by a QSA for submission.
What Does This Mean For Existing Clients?
As an existing BigCommerce client it simply means that the security around our data center and software is certified as rock solid. There are no changes you need to make and your store is PCI compliant.
How Can I Prove To My Bank You’re PCI Compliant?
Your bank will require a copy of our Attestation of Compliance which you can download as a PDF. Simply email this document to your bank. That’s all you need to do. BigCommerce will appear in Visa’s list of PCI compliant solutions in the next 3-4 weeks.
What About PA-DSS Compliance?
Because BigCommerce is an application developed by us and hosted on our PCI compliant network, it is not required to be PA-DSS compliant.
PCI Compliance Celebratory Photos – BigCommerce Style
It’s been a long road to PCI compliance, so what better way to celebrate than with randomly hilarious photos created by the team and sent to everyone in the company via email?
… and finally, our PCI hero Rod: