Absolutely dating sites no credit card required
This means a large international retail chain handling 6 million transactions per year will still be considered a Level 1 merchant (the strictest level) and will be held to the highest of PCI compliance standards, even if their related ecommerce store processes less than 500 sales orders per month.
Fortunately, if you operate a Saa S-based ecommerce store and do not have any access to any credit cardholder data (which is the case for most modern Saa S commerce platforms), your need for PCI compliance is greatly mitigated.
The SSC defines and manages the standards, while compliance to them is enforced by the credit card companies themselves.
Again, these standards apply to all organizations that deal with cardholder data.
In fact, it’s a costly misconception encountered amongst SMBs who believe they do not need to worry about compliance at all because they don’t do a significant enough volume of online or in-store sales.
Level 1 is the most strict in terms of DSS requirements, where Level 4 is the least strict: Almost all small and medium sized businesses (SMBs) classify as the lower Level 3 or Level 4 merchant, however, this does not preclude the necessity to maintain compliance with the same diligence as larger organizations.
But, these sorts of horror stories still persist today.
In 2005, Wal-Mart had a serious security breach targeting their point-of-sale systems.
This is the purpose of PCI DSS –– and every retailer is required to comply.
Depending on the ecommerce technology and backend a retailer uses, PCI compliance can be an easy check on a long list of things retailers need to do to ensure their customers are transacting securely.