PCI DSS certification
The task is to pass PCI DSS certification for an e-commerce site so that cards can be accepted directly on the site.
None of the companies providing such services will tell you anything specific until you fill out several questionnaires.
So I am asking the Habr community for help:
1. How much (approximately) can such certification cost? By transaction volume we fall into Level 4.
2. How long (approximately) does this certification take?
And an off-topic question:
3. Has anyone seen from their own experience, or perhaps in some research, how conversion changes when switching to a setup where the user enters card data directly on the store's website?
Hello, I am a QSA auditor. If you are a Level 4 online store, then you need an SAQ and an ASV scan. The SAQ is the PCI DSS Self-Assessment Questionnaire; the ASV scan is a vulnerability scan of the site.
If you want to store card data in your own system, then you need SAQ D: it costs about 10K USD and takes 4 months. If you only pass the data through your website to a payment gateway or bank and do not store it yourself, then SAQ C is about 6K USD and 2 months. If you do not pass it through at all but redirect the buyer to the payment gateway's form, then it is about 2K USD and 2 weeks in total. I can help you write it up.
I remind you that under PCI 1.2 the auditor bears material and reputational responsibility for the company being audited, so the chocolates on the table can be put away)
1. The amount depends heavily on your specifics; budget from 10k euros as a guideline.
2. In terms of time, all the paperwork, then the checks and audits, take at least 4 months to six months.
3. It all depends on your further actions; after all, you still need to set up the integration with the payment gateway, set up some kind of anti-fraud on your side or theirs, etc. There are a lot of nuances.
And you will also need a very competent sysadmin.
It all depends on the volume.
If Level 1, then yes, from 10k, with an on-site audit. It can be faster than 4 months; it all depends on the auditor's workload and your readiness.
If Level 2, then you just fill out the questionnaire and do a vulnerability scan. The amount will be several times less.
> how does conversion change when switching to a setup where the user enters card data directly on the store's website?
I think the buyer will trust the payment gateway with their card details more, since everything there is done more securely.
Obviously necroposting, but there is no point in doing PCI DSS just for the sake of ENTERING card data on the site's pages, because any sane PSP already provides such a function.
PCI DSS is another matter when it comes to card data storage. And if you have no direct need to store customer card data, there is no point in doing PCI DSS.