Legal Matters - TOS, AUP, Privacy Policy

Payment Card Industry Data Security Standards (PCI DSS)

Netports accepts credit card payments for services on this website. We utilise the e-Path credit card payment gateway to accept your credit card charge authorisation. e-Path provides Netports with a dedicated THAWTE SSL protected, PCI compliant environment for our customers to safely and securely enter their credit card details.

For added security and protection for all involved, there is no blind automatic processing of credit card transactions on the open internet with Netports. Netports does not operate a real time online (e-commerce) credit card payment processing system where transactions are instantly attempted on the open internet. Instead, Netports comprehensively validates each and every order received, and only if the order is approved is the credit card transaction then performed internally.

Our Netports Accounts Services Portal site provides our customers with the ability to interact with our accounts and billing system. This is also served from a THAWTE SSL protected environment which has passed all PCI compliant vulnerability scanning requirements as independently assessed by an approved PCI and VISA AIS network security auditor/vendor.

Please see the Netports PCI Compliance Report.

The Payment Card Industry Data Security Standards (PCI DSS)

The Payment Card Industry Security Standards Council was established by a consortium of credit card providers including Visa, Master Card, American Express, JCB and Diners Club.

In 2006 the Payment Card Industry Security Standards Council released its first new security standard, known as the PCI DSS (Payment Card Industry Data Security Standard). This standard continues to update and evolve. The standard states, amongst other things, that if credit card data is being stored, captured or transmitted on or from a website then PCI DSS certification is required. Without proper PCI DSS compliance a website or shopping cart cannot accept credit cards online. Period.

When you become a hosting customer of Netports and want to accept credit card payments on your website, Netports will provide you with professional guidance to ensure you are accepting credit cards legally under the new PCI DSS regulations.

The PCI DSS is not a law; however, it is enforceable by the credit card companies through contractual penalties or sanctions. Any person or business accepting credit cards online that does not comply with the PCI DSS rules now most certainly risks facing heavy fines (believed to be anywhere from $5,000 to $250,000) and the possible suspension of their merchant account facility by their bank. Implications of non-compliance can be very severe indeed. The merchant services or business banking department of any bank will confirm this as will Visa Asia Pacific, Master Card, American Express. Both Visa Asia Pacific and Master Card have main offices in Sydney, please feel free to confirm matters with them directly.

Some Questions & Answers on PCI

If I want to accept credit cards on my site, does my website need to become PCI DSS compliant?
Yes, if your website touches or handles credit card data in any way, which can include sending it off to a real time payment gateway for processing. No, if you intend to utilise a PCI compliant manual payment gateway such as e-Path. With e-Path your website does not touch credit card data, so PCI compliance is not needed for your website or shopping cart. The e-Path gateway package includes a dedicated PCI compliant environment, therefore your online card handling activity is 100% compliant with PCI.

My friend says because my Magento shopping cart encrypts credit cards and it's all protected by SSL, that I don't need to be PCI compliant.
Your friend is wrong. The official definition of when PCI certification is required is ....

"PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply". (The "PAN" is the 16 digit credit card number)

As you can see, even if your website simply transmits credit card data to your real time payment gateway you still need to be PCI compliant certified. Neither encrypting credit card data nor using SSL, nor both together, makes your website or shopping cart PCI compliant certified. Only PCI compliance certification makes your website/shopping cart PCI compliant and OK to be accepting online credit card payments and/or charge authorisations.

I have a shopping cart site accepting credit cards, how easy is it to become PCI compliant certified?
a) If your website is storing, processing or transmitting credit card data in any way, shape or form then we suggest you secure professional assistance and/or advice from an approved PCI assessor. Here are a few ...

Your website/shopping cart most certainly needs to become PCI compliant certified in its own right.

b) However, if your website utilises a payment gateway solution such as e-Path, where the customer enters sensitive credit card details within the e-Path PCI compliant secure environment, then PCI compliance is not needed for your website or shopping cart at all because your customers are already being protected by the e-Path PCI compliant environment.

While a remotely hosted payment solution may not suit some, it is actually a very clever and low cost idea, as it eliminates the need for you to be concerned about PCI compliance altogether, and cardholder confidence is arguably increased because they can clearly see they are being handled by a dedicated and highly secure professional payment gateway service.

Does Netports provide hosting services certified as PCI compliant by an approved PCI security scanning auditor?
Yes. Netports can provide Hybrid servers and dedicated servers that deliver a PCI compliance status as determined and confirmed by ANY Payment Card Industry Security Standards Council approved PCI scanning auditor/vendor.

PCI compliance and the maintaining of a PCI compliant hosting environment is a specialist security area. There is an extra cost for this service.

IMPORTANT: Netports provides information on PCI as a courtesy only. For definitive information on PCI please contact the appropriate authorities which include the Payment Card Industry Security Standards Council, Visa Asia Pacific, Master Card, JCB, American Express or consult with the merchant services department of your bank.

See also:
The Payment Card Industry Data Security Council
Visa AIS
e-Path Credit Card Payment Gateway

© 1999 - 2024 NETPORTS PTY LTD | ABN: 74162532694