Wine Technology Blog @ WineWeb.com
PCI Compliance -- Are You There?
We just finished our annual PCI Data Security Standards assessment and have made sure that we are still in compliance for accepting and storing credit card data. Luckily, having done over 70 computer control audits in what feels like another lifetime, this process was relatively easy, although the 200 questions did take some time to answer and verify with our policies and procedures.
While previously there was an exemption for small companies, now every merchant that accepts credit cards must complete an annual assessment in order to be compliant with this requirement (www.pcisecuritystandards.org for more info). If you use an e-commerce service like ours (WineWeb), then the process is simpler with about 30 questions in the assessment. However, if your company has its own shopping cart software running on a web server and you store credit card data electronically, then you're into the long questionnaire, which requires things like an "Encryption Key Custodian Acknowledgement" and an "Incident Response Plan". You've got those, right?
