About the Author
Mitch (@mitchellharper) is the co-founder and co-CEO of BigCommerce. Way back in 2007 he built what eventually became BigCommerce as you know it. Today he runs the company alongside Eddie and, along with our 100+ team members, is passionate about helping businesses succeed with e-commerce. Mitch spends time between our Sydney and Austin offices and is giving the keynote at TechConnect 2012 in Sydney on April 19th.
It’s official – BigCommerce is now PCI compliant. We’ve completed thousands of changes that have taken thousands of hours of work. We have the signed Attestation of Compliance and have worked with our assessing company (our QSA) for more than 12 months to make this happen. It’s a great day for all of us and we’re proud to be one of the very few hosted shopping cart platforms that is PCI compliant.
Below I’ve included answers to some common questions around PCI compliance as well as some of the hilarious photos sent around by our team when we announced our PCI compliance earlier today.
Thanks for your patience over the last year. PCI compliance is definitely the most challenging project we’ve ever undertaken and I’m proud of how our team came together to get the job done.
What Is PCI Compliance?
According to Wikipedia…
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.
Validation of compliance can be performed either internally or externally, depending on the volume of card transactions the organization is handling, but regardless of the size of the organization, compliance must be assessed annually. Organizations handling large volumes of transactions must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while companies handling smaller volumes have the option of demonstrating compliance via a Self-Assessment Questionnaire (SAQ). In some regions these SAQs still require signoff by a QSA for submission.
What Does This Mean For Existing Clients?
As an existing BigCommerce client it means that the security of our data center and of the BigCommerce software has been assessed against the PCI DSS by our QSA and is covered by our signed Attestation of Compliance. There are no changes you need to make to your store: the hosted platform it runs on is PCI compliant.
How Can I Prove To My Bank You’re PCI Compliant?
Your bank will require a copy of our Attestation of Compliance, which you can download as a PDF. Simply email this document to your bank. That’s all you need to do. BigCommerce will appear in Visa’s list of PCI compliant service providers in the next 3-4 weeks.
What About PA-DSS Compliance?
PA-DSS applies to payment applications that are sold or distributed to third parties and installed on the customer’s own systems. BigCommerce is an application developed by us and hosted only on our PCI compliant network, so it is assessed as part of our own PCI DSS assessment and is not required to be separately PA-DSS compliant.
PCI Compliance Celebratory Photos – BigCommerce Style
It’s been a long road to PCI compliance, so what better way to celebrate than with randomly hilarious photos created by the team and sent to everyone in the company via email?
… and finally, our PCI hero Rod:
Mitchell Harper Reply:
February 2nd, 2011 at 8:08 pm
Hi Sam. You can, but you typically don’t need to.