Category: PCI Compliance & Security
Mar 04

What You Need to Know about PCI

How do PCI requirements affect you as a Chargify merchant?
This blog post breaks it down into short sections and steps:

  • Who and what is PCI?
  • PCI levels - and which is right for you
  • Where to get required forms
  • How to complete and submit your form

Who and What is PCI?

“PCI” is a term that’s coming up more and more in 2011 as banks and credit card processors get more serious about credit card data security.

The acronym “PCI” stands for “Payment Card Industry.” The full name of the organization is “The PCI Security Standards Council,” which is an organization founded by American Express, Discover, JCB International, MasterCard, and Visa. Their website is https://www.pcisecuritystandards.org.

They defined a number of security standards, but the one that’s relevant for Chargify and our merchants is called “PCI-DSS,” which stands for “PCI Data Security Standard.”

For the sake of brevity, I’ll just refer to the organization and the PCI-DSS as “PCI” in this post.

Jan 25

Chargify is Officially Level 1 PCI Compliant

Back in October we announced that we were on the verge of becoming PCI compliant. Today we are happy to announce that Chargify is officially Level 1 PCI compliant. The Chargify team worked really hard to make this happen and it’s a great step for both Chargify and our merchants.

Why is this important?

Being PCI Level 1 compliant means we’ve been thoroughly evaluated by outside auditors to ensure we run a “tight ship” (see our certification here). Level 1 compliance is the highest certification and requirement for large processing companies. These standards dictate everything from how we secure physical infrastructure to what processes software developers can use to update production systems. 

PCI Level 1 reaches into many parts of Chargify and makes us a better company for it.

This is a huge benefit to our merchants. By letting Chargify handle credit card data, our merchants can off-load almost all PCI responsibilities.  It took us 9 months to do everything needed to reach PCI Level 1, and that’s something few companies want to go through if they can easily avoid it.

Be on the lookout

In the upcoming weeks we will cover what it took to become PCI compliant and how you as our merchants can make sure you too are abiding by all standards.

This is a great achievement for the Chargify team!

Jan 05

Ease Your Customers’ Billing Fears

There have been several articles in the news lately involving credit card mishaps and billing mistakes. Capital One billed a woman $286 million, Gameloft (a mobile game developer) double-charged a number of customers, and the Minnesota Attorney General is suing Discover for signing people up for credit card protection they didn’t request.

No wonder customers are apprehensive about giving out their billing information!

The good news is there are things we can do to ease our customers’ fears when it comes to their credit cards, and they are pretty simple.

Check-In

If you use Chargify you know we have both an online dashboard and an iPhone app to help you keep track of your company’s key metrics. You can see daily revenue, new signups, total customers and more.

Dec 07

What Every Small Business Needs to Know About PCI Compliance

Since 2006, more and more small business owners have been focusing on PCI compliance. If your business accepts credit card payments, you need to be concerned about it, too. In addition to there being penalties for non-compliance, there are actually sound, common-sense, self-interested reasons to comply voluntarily.

However, like many new requirements, there is plenty of confusion surrounding this one. That’s why today, we’re taking a few moments to explain the basics of what PCI compliance is and what small business owners need to know.

What Is PCI All About?

Also known by its full name of Payment Card Industry Data Security Standard (or PCI DSS), PCI is simply a series of requirements mandating that all merchants process, store and transmit credit card data within a secure environment. It applies to any business that possesses a Merchant ID.

The initiative was launched in September 2006 to help strengthen account security throughout each step of the credit card transaction process. The PCI DSS is managed by an independent body called PCI SSC, which consists of representatives from major card brands like Visa, MasterCard, AMEX and Discover.

As PracticalCommerce.com explains, PCI compliance requires your business to:

  • Maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor/test your networks
  • Develop and maintain an information security policy

Oct 21

The Importance of Being PCI Compliant

With our recent announcement about PCI (Payment Card Industry) compliance here at Chargify, the new statistics put out by Verizon Business couldn’t have come at a better time.

“PCI compliant companies are 50% less likely to suffer a data breach.”

In order to be PCI compliant, there are certain rigorous requirements companies must adhere to when processing cardholder data. But if you think that the process to become PCI compliant is too overwhelming for you or your company, have a look at what happened in January of 2007 to TJX Companies, Inc. when 45.6M card numbers were exposed.

There is a lot we can learn from the data breach they suffered. After what happened to them, being PCI compliant just seems like a smart business decision and a no-brainer to us.

Oct 11

Chargify News: New Pricing, Features & More

UPDATE

Over the last few hours we’ve received a ton of feedback from our merchants based on the Chargify pricing announcement.

We want you to know that it has not gone unheard.

As an existing Chargify merchant, we appreciate your support over the past year and we want to continue to see you grow with us.

To meet your needs when you’re starting out, we’re offering our existing merchants the Bootstrapper Plan for $39/month. It allows you to manage up to 100 customers.

To sign up for the plan, log in to your account, go to My Account >> Manage Your Plans, and choose Bootstrapper.

We know that this is still an increase, but we hope you see the added value in our:
* 24/7 U.S. based phone and technical support
* Level 1 PCI compliance in a few weeks
* fully coming out of beta in order to serve you better
* and listening to your Uservoice feedback to develop Spreadable

Please feel free to reach out to us at 800-401-2414 with any questions or concerns. Thanks

———————————————————————————————————————————-

ORIGINAL POST

Over the past year, Chargify has grown as merchants sign up and grow their businesses. We definitely appreciate everyone’s business and support.

But the needs of our merchants, as a whole, have shifted from where we thought they’d be when we set pricing in 2009, so we’re changing our business and pricing to meet those needs.

Aug 01

Safeguarding 2,500 Businesses at our Transaction Processing Facility

UPDATE (Sept. 7, 2010): There are now 2 videos with this entry. Check out both to see what you’re getting when you depend on Chargify.

We recently did a significant system upgrade. Some of you may remember it - it was a few hours on a recent Saturday night.

The upgrade increased our capacity, which we could have done on many computing platforms, but the real story is this: We moved a long way up the ladder of financial transaction experience & security.

Our new transaction processing facility is focused on financial transactions. That’s the majority of their business. The rest of their business is related to healthcare and Sarbanes-Oxley. All serious stuff.

Our knowledge and experience at Chargify is quite good (especially through Grasshopper Group), but it’s not the same as having a large staff with 15 years of highly focused experience.

At our new facility, we’re surrounded by giants like MasterCard, Bank of America, and Toyota. We’re a small fish, and that’s good - we benefit from the standards that are demanded by the big fish.

Jul 20

How to Protect Your Customers’ Credit Card Data

With over $131 billion in online sales in 2009 (U.S.), we have definitely become an e-commerce oriented society. This, in turn, means we are also a society where customers are more vulnerable to identity and credit card theft.

As a business it’s extremely important that you protect your customers’ data. Luckily, there are a number of solutions out there designed to ensure your customers’ data are secure. Aside from software, there are a few precautions you can take:

  1. Maintain a Secure Network through Firewalls
    A firewall installation between wireless networks with a secure password policy will prevent any unwanted visitors from accessing credit card information.

  2. Testing and Monitoring
    Make sure your privacy settings are kept up to date by consistently checking the status of security controls, limitations, networks and restrictions on at least a quarterly basis.