How Secure Are Your Sales, Really?
Many of you will already be aware of the importance of data security, and the responsibilities we as merchants and service providers hold in protecting the customer and credit card information entrusted to us.
Breaches of security or privacy resulting from software and systems failures are an almost constant feature in the news, with recent high-profile incidents involving government departments highlighting this.
When it comes to Ecommerce, and when you consider the hostile environment in which these applications live, we must, as both users and Ecommerce providers, be both conscious of and conscientious about protecting the data we hold.
To this end, the requirements of the PCI-DSS (Payment Card Industry – Data Security Standard) provide a good minimum standard for organisations dealing with cardholder information to meet.

Source: CRE Secure
This standard is a comprehensive document of around 300 pages covering a wide range of security considerations and requirements that must be met on both a physical level (e.g. door access control and security cameras) and a technological level (e.g. how changes to applications are recorded, and the protection levels that need to be applied to cardholder data).
There are 4 levels to PCI compliance, from level 4 to level 1, with level 4 requiring simple self-assessment, through to level 1, which requires an intensive annual audit conducted by an external QSA (Qualified Security Assessor).
EstarOnline has been a PCI-Level 1 compliant organisation for over 4 years. We were one of the first in the industry to attain this, and the first Ecommerce provider in Australasia. We are still, to our knowledge, the only Ecommerce provider in New Zealand to attain (and exceed) this standard.
It is a standard we are proud to maintain, and it provides an independent demonstration that we take the security of our clients very seriously. Within the company, security is simply the first (even if unstated) consideration for any development we undertake.
Whilst there are cynical views of PCI-DSS that see it as a means to shift responsibility away from the card brands to the merchants, a more positive view is that it provides consumers and merchants some certainty around the security of their data and the providers responsible for holding it.

Source: PCI Advisers
When the loss of credit card data carries with it some rather daunting penalties and fines, it is imperative that secure systems and software are used to protect against it. To this end, your choice of EstarOnline as a PCI-Compliant Ecommerce provider gives you the confidence to focus on your online sales, whilst we handle the task of keeping those sales, and your data, secure.
Matt Neale, Software Development Manager, Estar Online
EStarOnline are leading providers of premium ecommerce platforms and online retail solutions to Australasia’s leading brands, and have been experts within the field of Ecommerce websites and mobile commerce since 2000.