It’s official – BigCommerce is now PCI compliant.
BigCommerce has completed thousands of changes that took thousands of man hours. BigCommerce has signed an Attestation of Compliance and has worked with its assessing company for more than 12 months to make this happen. It’s a great day for everyone at BigCommerce and their users, and they should be proud to be one of the very few hosted shopping cart platforms that are PCI compliant.
Below are answers to some common questions around PCI compliance.
What Is PCI Compliance?
According to Wikipedia…
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.
Validation of compliance can be performed either internally or externally, depending on the volume of card transactions the organization is handling, but regardless of the size of the organization, compliance must be assessed annually. Organizations handling large volumes of transactions must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while companies handling smaller volumes have the option of demonstrating compliance via a Self-Assessment Questionnaire (SAQ). In some regions these SAQs still require signoff by a QSA for submission.
What Does This Mean For Existing Clients?
As an existing BigCommerce client it simply means that the security around our data center and software is certified as rock solid. There are no changes you need to make and your store is PCI compliant.
How Can I Prove To My Bank You’re PCI Compliant?
Your bank will require a copy of our Attestation of Compliance, which you can download as a PDF. Simply email this document to your bank. That’s all you need to do. BigCommerce will appear in Visa’s list of PCI compliant solutions in the next 3-4 weeks.
What About PA-DSS Compliance?
Because BigCommerce is an application developed by us and hosted on our PCI compliant network, it is not required to be PA-DSS compliant.
CONGRATS TO EVERYONE AT BIGCOMMERCE AND TO ALL CURRENT USERS OF BIGCOMMERCE!