Welcome to The Journey. Today we're talking about PCI DSS compliance for your e-commerce site. All right, today we have our special guest, Alicia from Security. She is the security expert today to talk about PCI DSS compliance. Now, other than just a super long acronym, what is it? So PCI DSS stands for the Payment Card Industry Data Security Standard. And it's a set of regulations that were actually created by the major credit card companies. So Visa, Mastercard, all those big ones, they got together and they created a list of standards on how people should be using credit card data to keep cardholders safe. Okay, so literally anything credit card, right? Totally, yeah. If you're taking credit cards over the phone, if you have a brick-and-mortar store, or if you have an e-commerce store, you need to be PCI compliant.

All right, so why is this PCI DSS compliance a thing? Well, it's really to keep consumers safe, right? If you're using your credit card online, you want to feel like you're doing so safely. And so it's a way to make sure that they're penalizing organizations who are not taking care of your credit card data. So 57% of consumers actually lose trust in an organization after knowing that there was a data breach on the site. Wow, that's scary, right?

So what happens if we're not compliant? There can be a lot of different things that could happen if you're found to be non-compliant after a data breach has occurred. Okay. Probably the worst one is that you could actually lose the ability to process credit card transactions even if you're using a third-party payment processor. Yeah, so that's not ideal. That could, like, tank your whole business if you can't take credit cards online. But yeah, you can also be fined. There can be hefty fines if you're found to be an offender. What do those fines look like? It could be tens of thousands of dollars for a very small business. All right, so I'm an e-commerce site. I know I need to be PCI compliant.
What does that actually mean? What are the actions that I need to take? For sure. So probably the most important thing is to get over to the PCI Security Standards website and take the self-assessment questionnaire. Okay. Some of the requirements have to do with things like having a website firewall to make sure that you're only allowing in good traffic and blocking malicious attackers. Sure. Obviously changing default passwords. Things like that are really important, but also there are requirements about protecting cardholder data: how do you store the data? How do you transmit the data? Using an SSL certificate is very important to make sure that when people are typing in their credit card on your website, when they hit send, it's being scrambled while it's being sent to your server. Right. And you taught me this. There's no one in the middle just sniffing out that traffic, right? Exactly. Very good. I think what's important to remember is, like, there are a lot of things that you have to do to become PCI compliant, but it's about protecting your business and protecting your customers at the end of the day.

On the security blog, we talk a lot about different types of Magento credit card stealers, but those can impact any e-commerce site or e-commerce plug-in. Sure. It can even happen where instead of, you know, actively stealing the credit card information from your site, they could actually infect your website and redirect people from your payment gateway to a malicious one that looks like your payment gateway. So not only are you losing sales, but your customers are having their credit cards stolen too. So it's doubly awful. You were telling me that was happening with PayPal. They would basically make a site that looked exactly like PayPal, so nobody was the wiser. And that is just awful. Yeah. Basically, they're phishing your customers by putting up a site that looks very similar.
It's a really terrible problem, and hackers are getting better at making really convincing phishing pages. Right. That's super hard to track too, because you don't know. You just think your sales are going down. You're trying to figure out how to boost sales. Totally. It could be, like, one in every three sales that they're redirecting and you're none the wiser. So that's why it's important to have a website firewall and to also protect your website as well as whatever you're using to process credit card transactions.

So thank you so much for taking us through just an overview of PCI DSS compliance. I know it's a lot, but you've been awesome. Thank you so much. It was awesome to be here. We'll have some more resources down in the description below. Make sure you like this video. Add a comment on something that you learned. While you're there, subscribe to this channel. Ring that bell so you're the first to know when these videos are coming out. This is The Journey. We'll see you next time.