Compliance with the Payment Card Industry (PCI) data security standard is required of all merchants that store, process, or transmit cardholder data. Even if your website is not storing credit card data and using an internet merchant account, your ecommerce solution still transmits that data and is thereby subject to PCI compliance rules. A "merchant" is defined as any entity accepting payment via any form of payment card. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and ecommerce. The PCI standard is endorsed by all credit card brands within their respective programs, including Visa (CISP and AIS programs), MasterCard (SDP), American Express, Discover Card and JBC.
The PCI Data Security Standard consists of twelve basic requirements and corresponding sub-requirements. Certification requires passing an initial vulnerability assessment, annual reassessment and ongoing compliance management to ensure that the certified entity meets or exceeds the standards set by the PCI Council. Our systems are scanned daily by McAfee Security Services and audited quarterly for compliance certification.
Speartek's Certificate of Compliance and additional information may be obtained by contacting us here.