PCI compliance, SSLs, and you

Do you run an e-commerce store or any other type of online business that takes credit card payments? Then you need to know about PCI compliance and the importance of SSL.

Payments Card Industry (PCI) compliance, refers to adhering to a specific set of technical and operational rules and requirements mandated by credit card companies to ensure secure credit card transactions across the industry. This set of rules is known as the Payment Card Industry Data Security Standards (PCI DSS). The main goal of PCI DSS is to keep credit card user data across the globe safe. These rules and requirements were developed by the PCI Security Standards Council, which is made up of the major players in the credit card industry, including MasterCard, Visa, and American Express.

The PCI DSS has 12 key requirements that all retailers that take card payments must comply with. Requirement 4 states that transmissions of cardholder data over open, public networks must be encrypted, meaning that the data should be hidden and rendered unreadable from malicious third parties. For this, they recommend using strong cryptography and security protocols. This really is a vital step, as without any cryptography in place, transmitted data can easily be compromised and intercepted.

For transactions made over the Internet, this is where SSL certificates come into play. According to PCI DSS, card payments must only be taken on web pages with HTTPS enabled. By installing an SSL certificate on your e-commerce store, you will ensure that all sensitive data, not least credit card information, transmitted between your site and your customer’s browser is encrypted, making for a safe and secure browsing experience. Furthermore, the little padlock icon displayed in the browser bar when a website has an SSL installed serves as a marker of trust; potential customers will feel immediately at ease and knowing that your site is legitimate.

PCI guidelines for choosing SSLs:

The PCI DSS features some guidelines for choosing the most effective SSL certificate for your site. These include:

  • TLS version v1.1 or higher
  • Strong private key
    • 2048-bit or stronger for RSA keys
    • 256-bit or stronger for EC keys
  • Strong cipher suites
    • Cipher of at least 128 bits
    • DH parameters 2048-bits or stronger
    • Export suites are not allowed
    • Anonymous key exchange suites are not allowed
  • Only obtaining SSL certificates from trusted Certificate Authorities
  • No known vulnerabilities should be present (e.g. insecure renegotiation or compression)

In keeping with PCI requirements, all SSL certificates from SSLs.com have the strongest level of encryption available: SHA-256 signature, up to 4096 bit RSA keys, and Elliptic Curve Cryptography (ECC). If you decide to secure your store with one of our SSLs, you’ll be safe in the knowledge that it’s fully compliant with PCI standards.

However, while purchasing and installing an SSL certificate is an important first step, you need to make sure that your server is configured accordingly so that it works properly. We recommend checking out this source for best practices.

Secure your store

Want to secure your e-commerce store with an SSL certificate and keep your customer’s data safe? We have a wide range of SSL certificates to suit your needs, and even have recommendations specifically for e-commerce. Choose yours today.

For more information on how best to secure your online store to comply with PCI regulations, you can read their guide to best practices for securing e-commerce stores.

Share on Twitter, Facebook, Google+