PCI Compliance

Credit card fraud causes massive losses each year. To combat it, the Payment Card Industry (PCI) has created stringent Data Security Standards (DSS) for online retailers to adhere to.

Any WHMCS user who uses a merchant account such as Authorize.net, BluePay, SagePay, etc., or offline credit card processing, and therefore has credit card details passing through their website, must comply with the PCI DSS controls and processes. Anyone who doesn't risks costly fines should a breach occur.

There are 12 core requirements for meeting the PCI DSS, divided up into 6 key groups:

Build and Maintain a Secure Network

Protect Cardholder Data

Maintain a Vulnerability Management Program

Implement Strong Access Control Measures

Regularly Monitor and Test Networks

Maintain an Information Security Policy

It is important to note that while WHMCS is an integral part of the chain in obtaining PCI Compliance, the majority of the above rules relate to your hosting environment, network, and staff procedures.

To help our customers achieve PCI Compliance, we have teamed up with McAfee® and are therefore able to offer a substantial reduction on their normal service rate. McAfee PCI Compliance Service is a simplified, easy-to-use system that enables Level 2-4 merchants to successfully satisfy PCI DSS compliance requirements.


The information shown here on PCI Compliance should be used as a guide only, and WHMCS Ltd. makes no warranty of any kind for the correctness or accuracy of this information. Additional advice should be sought as appropriate.