eCommerce Payment Gateways

Online Payment Gateway resources and references

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard (PCI DSS)


PCI DSS is a security standard that was introduced to provide enough security for customers’ information. Major payment gateways like Visa and MasterCard originally started it, and together with others such as American Express, Discover and JCB they started the PCI Data Security Standards in 2006. Clients' credit card details ought to be protected from being leaked into the public domain. The major payment gateways joined together and introduced a task force whose main focus was to curb fraud cases and secure their clients’ information. PCI standards are important to all payment gateways that provide financial services like accepting credit and debit cards, transmitting cardholders’ data and processing transactions via the internet.

PCI DSSs are found on their website,

All payment gateways are now required to be PCI compliant no matter the size of their database. This is enforced so that customers can feel safe that their private information cannot be compromised. Deadlines for PCI compliance are usually stipulated by the merchant banks.

PCI compliance levels

There are 4 merchant levels for PCI compliance, and every merchant is usually in one of these levels during a one-year period. They are levels 1, 2, 3 and 4.

Level 1 Merchant

This level is for all merchants who process 6M Visa cards a year, no matter what acceptance channel they are using. All merchants are required to fulfill the level 1 PCI compliance so that there is a standard level of security for Visa.

Level 2 Merchant

This is for all merchants processing 1M-6M Visa transactions a year, regardless of the acceptance channel that they use.

Level 3 Merchant

Level 3 is a requirement for all merchants that process 20,000 to 1M Visa e-commerce transactions a year.

Level 4 Merchant

This level covers any merchant who processes less than 20,000 Visa e-commerce transactions a year and any other merchant that processes 1M Visa transactions a year.

Merchants that have become victims of hacking that led to customers' data being compromised are moved into the next higher level.

It is normal for merchants to be in different levels, and this makes the process of becoming PCI compliant cumbersome for low-level merchants. Small businesses on the internet follow these steps to become PCI compliant:

  1. Identify the validation type to know which Self-Assessment Questionnaire (SAQ) matches your business.
  2. Fill in the Self-Assessment Questionnaire accordingly.
  3. Provide proof of passing the vulnerability scan from an Approved Scanning Vendor (ASV).
  4. Complete the relevant Attestation of Compliance in full.
  5. Provide proof of passing the SAQ and the attestation of PCI compliance.

These steps will satisfy the PCI to certify you as a PCI compliant merchant. The major payment gateways have jointly agreed that PCI DSS is a must for companies that transmit payment cardholders’ data. The security requirements that are mandatory for merchants may include:

  1. Use firewalls to secure data
  2. Avoid using default passwords and other secure information
  3. Guard data that has already been stored
  4. Update your antivirus software on a regular basis
  5. Use a different user ID for each customer
  6. Prevent public access to cardholders' data
  7. Test security systems regularly

Major credit card frauds and how to curb them

Theft of Identity

This is where fraudsters use other people’s information to conduct a transaction. This fraud can be prevented by asking the customer to verify their identity.


This is when a person receives a message from fraudsters asking them to send their credit card information. This information may be used to break the law. To avoid this problem, customers are urged to confirm the source of any message that asks them for their credit card information.

Page jacking

Page jacking is common on the internet. It occurs when a person follows a link and is redirected to a page that is not recognized. It is somewhat challenging to avoid page jacking. This fraud is dangerous, as you may find yourself purchasing a product through a fake site. Merchants should be careful and ensure that their sites have not been stolen to minimize this problem.


Fee scams happen when you are asked to provide an advance payment, in return for which you will supposedly earn some money. To arm yourself against this vice, don’t accept these offers.

Check scams come in the form of large payments. A customer may be willing to pay more in advance or even overpay for a product using checks. Be wary, as this may be a scam to get free property.

Money orders

Though they are mostly safe due to anti-counterfeiting security measures, some experts have specialized in making fake money orders. To curb this problem, carefully check any money order that comes from risky parts.

Some e-commerce sites found it difficult to prevent fraud in the early stages of the introduction of e-commerce. This has been greatly reduced now that fraud detection systems are available. Below are some of the suspicious behaviors experienced by many merchants online.

  • Fake new customers who use other people's details to make a transaction.
  • Abnormal orders: these involve large orders and are mostly placed by new customers.
  • Large identical orders: a customer purchasing many similar items might be a fraudulent transaction.
  • Shorter shipping times for merchandise: this involves customers using channels that deliver merchandise quicker than normal.
  • Use of international shipping addresses: address verification only works in the U.S. and U.K., which presents a possibility of fraudulent shipping of products.
  • Payments using the same account numbers on credit cards: some criminals use software to generate account numbers, use the fake numbers to make a purchase and then stop using them once the transaction is complete.
  • Different cargo shipped to many different addresses using the same credit card number: this happens when fraudsters use the same credit card number and have the products shipped to different places.
  • Many orders from one IP address but with different credit card numbers: fraudsters use the same computer but with different credit card numbers to order merchandise.
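
Three of the behaviours listed above (many cards from one IP address, one card shipped to many addresses, large orders from new customers) can be checked directly against order records. The following is an added example, not code from the original page; the order fields, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

FIELDS = ("id", "ip", "card", "ship_to", "new_customer", "total")
# Constructed sample orders; cards are opaque tokens, not real card numbers.
ROWS = [
    ("A1", "198.51.100.7", "tok_01", "12 Elm St", False, 40.0),
    ("A2", "198.51.100.7", "tok_02", "12 Elm St", False, 55.0),
    ("A3", "198.51.100.7", "tok_03", "12 Elm St", False, 60.0),
    ("B1", "203.0.113.1", "tok_10", "3 Oak Rd", False, 80.0),
    ("B2", "203.0.113.2", "tok_10", "9 Pine Ave", False, 75.0),
    ("B3", "203.0.113.3", "tok_10", "41 Bay Ln", False, 90.0),
    ("C1", "192.0.2.10", "tok_20", "7 Hill Ct", True, 2500.0),
    ("D1", "192.0.2.11", "tok_21", "5 Mill Way", False, 35.0),
]
ORDERS = [dict(zip(FIELDS, row)) for row in ROWS]


def distinct_by(orders, key, value):
    """Map each value of `key` to the set of distinct `value`s seen with it."""
    seen = defaultdict(set)
    for order in orders:
        seen[order[key]].add(order[value])
    return seen


def flag_orders(orders, max_cards_per_ip=2, max_addrs_per_card=2,
                large_total=1000.0):
    """Return {order id: [reasons]}; thresholds are illustrative assumptions."""
    cards_per_ip = distinct_by(orders, "ip", "card")
    addrs_per_card = distinct_by(orders, "card", "ship_to")
    flags = {}
    for order in orders:
        reasons = []
        if len(cards_per_ip[order["ip"]]) > max_cards_per_ip:
            reasons.append("many_cards_one_ip")
        if len(addrs_per_card[order["card"]]) > max_addrs_per_card:
            reasons.append("one_card_many_addresses")
        if order["new_customer"] and order["total"] >= large_total:
            reasons.append("large_order_new_customer")
        if reasons:
            flags[order["id"]] = reasons
    return flags


if __name__ == "__main__":
    for order_id, reasons in flag_orders(ORDERS).items():
        print(order_id, ", ".join(reasons))
```

Flagged orders are candidates for manual review rather than automatic rejection, since shared office or household IP addresses and gift shipments produce the same patterns.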

PCI produces an environment that is conducive for financial services to be conducted in a safe and secure manner.