August 18, 2005 -- (WEB HOST INDUSTRY REVIEW) -- The recent move by major credit card companies including Visa and MasterCard to enforce plans to do business only with companies validated by Visa's Cardholder Information Security Program and MasterCard's Site Data Protection program has left many e-commerce software providers scrambling to enhance their technology to meet the combined Payment Card Industry compliance standards.
And many vendors are encountering more problems than they expected in working to achieve compliance, putting companies able to meet the standards in a favorable position.
Bill Tait, CEO of Chicago-based e-commerce software developer Mercantec (mercantec.com), says his company is one of only a few e-commerce vendors, along with eBay and LaGarde, recognized by Visa's Cardholder Information Security Program Payment Applications Best Practices program.
Mercantec's PowerCommerce 2005 product line enables businesses to create and operate professional Web sites and storefronts that are PCI/CISP compliant.
The company's suite of products includes a Web site builder PowerWebBuilder, e-commerce storefront PowerSoftCart, appointment scheduling and calendar PowerService, credit card and PayPal gateway PowerPayment and eBay listing and order manager Marketplace Manager.
To achieve compliance with CISP, merchants and service providers must adhere to the Payment Card Industry Data Security Standard, which offers a single approach to safeguarding sensitive data for all card brands.
Visa and MasterCard joined together to create this standard based on shared industry security requirements while incorporating the CISP requirements. Other US card companies have also followed suit, endorsing the PCI Data Security Standard within their own programs.
"From a merchant's standpoint it's a good thing that the requirements are being well-defined and that the different card companies have come together," says Tait.
The initiative, however, may put many merchants and e-commerce providers out of business if they cannot achieve PCI/CISP compliance.
With strict measures for hosting providers such as having multiple servers available for each merchant, a separate database server and Web server, and a dedicated firewall, it is next to impossible for a shared hosting provider to reach compliance. Many e-commerce providers are running into the same problem.
The Web host, e-commerce software and payment gateway must all adhere to the basic requirements in order for the merchant to have an end-to-end solution that's compliant.
Mercantec licenses its software to Web hosts, who then bundle it within their hosting plans and build e-commerce plans around it, making it possible to offer PCI standard compliant e-commerce offerings.
"I believe that there will be a lot of shopping carts that will have a difficult time achieving compliance," says Tait. "As a result, the card companies will, over time, frown on them when they put through transactions."