This is a guest post written and contributed by Steve Vitale, Director of Ecommerce for Spencer’s, a Rackspace Hybrid Cloud customer. Spencer’s is a lifestyle retail company that operates two unique, national brands, Spencer’s and Spirit Halloween, throughout the United States, Canada and online.
Meeting Payment Card Industry Data Security Standards (PCI-DSS) can be a complex and costly exercise for the average ecommerce merchant. What's challenging is that there's no one-size-fits-all approach to achieving and maintaining PCI compliance.
The Payment Card Industry (PCI) Data Security Standard (DSS) requires that if you accept, transmit or store credit cardholder data you must meet the requirements contained within the standard. The problem is that many people don't know what that means. If you deal with credit cards and are required to meet the PCI DSS, my advice is to find a way to limit the scope of your compliance as much as possible. Rackspace recently concluded a two-year effort to receive our PCI Service Provider Report on Compliance (ROC) as a Compliant Level 1 Service Provider from Visa USA.