PCI Compliance Guidelines

Every merchant who handles customer credit card information is required by the Payment Card Industry (PCI) to conduct business within the following guidelines:

• Build and maintain a secure network, and maintain a firewall on the server to protect data.
• Do not use vendor-supplied defaults for system passwords and security parameters.
• Protect stored customer data and encrypt the transmission of cardholder data and other sensitive information across public networks.
• Use and regularly update antivirus software, and develop and maintain secure systems and applications.
• Restrict physical access to customer data, and provide access only to those with business need-to-know.
• Assign each person with computer access a unique ID.
• Track and monitor all access to network resources and cardholder data.
• Regularly test security systems and processes, and perform a quarterly network vulnerability scan.
• Maintain an Information Security Policy.
• Report to the Payment Card Industry according to the requirements of your merchant level.

Your Magento Go store is hosted in a PCI compliant, “Tier 4” data center. However, in addition to maintaining a secure hosting environment, there are additional requirements which are the responsibility of each merchant.

Although reporting requirements are waived for small businesses that process fewer than 20,000 credit card transactions per year, by conducting business within these parameters, you will be in compliance with the requirements and have the satisfaction of knowing that you are doing all within your power to provide your customers with a safe and secure shopping experience.  As your business grows, your PCI reporting requirements will increase in proportion to your merchant level. To learn more, visit the PCI Security Standards Council website.

For verification of the PCI Compliance of your Magento Go store, please see this document.