INTERNET SERVICES
Access
Accounts
Web
Hosting
E-Commerce
Domain
Name Registration
TaosNet
Terms of Service
Resource Center
Member Services
Remote
Backup System
|
 |
E-COMMERCE
Due to recent changes in the rules used to secure credit transactions
TaosNet no longer offers hosted e-commerce solutions. We wish to share
with you some important information affecting e-commerce that will no
doubt impact the way you do business. This message is primarily
directed to any merchant who takes credit card payments for any
products sold or services rendered but should also be of interest to
anyone who uses credit cards. The credit card industry has developed
Payment Card Industry Data Security Standards (PCI-DSS) to protect
cardholder data and reduce the fraud rates, especially with the
tremendous growth of on-line stores. In essence the credit card
industry is pushing the cost and responsibility for credit card fraud
to you, the merchant.
If you are a merchant who takes credit cards as a form of payment, you
have or will soon be contacted by your credit card processing vendor
about becoming PCI compliant.
TaosNet works at the forefront of emerging issues that affect our
clients and community at large. It is for this reason that we have
taken it upon ourselves to inform you, our clients and friends, of the
sweeping changes that are currently occurring in the credit card
industry. The buzzword for all merchants who take credit cards as a
form of payment is "PCI Compliance". This affects every such merchant,
whether credit card info is taken on-line, in your retail location,
over the phone or by any other means. You will eventually, if not
already, be required to be "PCI compliant" if you want to continue to
take credit cards as a form of payment. Failure to do so and any breach
of security resulting in unauthorized release of any credit card
information that a merchant has taken at any time may result in very
large fines imposed on the merchant by the credit card companies. We
have seen this happen, and the results can be devastating. This
responsibility lies solely with the merchant as part of the merchant’s
agreement with their respective credit card processing vendor and the
credit card companies themselves.
TaosNet has become familiar with some of the issues involved with PCI
compliance and are willing to assist our clients in becoming PCI
compliant. Please contact any of us, and we will be willing to consult
on your individual needs and concerns.
For those merchants who do not take any credit card information via the
Internet in any way, but do so at their business location, you will
still need to prove PCI compliance. Regardless of how you store the
credit card data, whether on paper or electronically on any local
computer/server or Point of Sale (POS) system at your business
location, you must be aware that certain security policies must be
followed to be PCI compliant.
For those merchants who do accept on-line credit card transactions,
please read on. Your risk and responsibility for PCI compliance
increases dramatically. The cost in money and time to become compliant
may be significant. TaosNet hosts a large number of web sites, some of
which are very simple and more resemble the standard printed brochure
advertising a business.
While TaosNet does not monitor the content of web sites hosted, there
are a number of hosted web sites that provide a means to accept credit
card information on-line. Some may be simple "contact" type forms that
email submitted forms. If these forms include any credit card
information, a dangerous situation arises because email is usually not
very secure if at all! Other web sites may use one or more of a number
of different shopping cart systems ranging from simple to very
sophisticated. This software may or may not be PCI compliant, and may
or may not even reside on the same server as the rest of the website,
compounding issues of compliance control. TaosNet does not monitor
content and the quality of web designer programming code that makes up
the web site, and for many other reasons TaosNet must provide this
disclaimer.
While TaosNet attempts to maintain secure, reliable and updated web
servers, email services, name servers, and other service and system
components, TaosNet makes no guarantee that this is always the case.
Nor does TaosNet guarantee that any of its servers will always be PCI
compliant when scanned by an PCI-Security Standards Council Approved
Scanning Vendor (ASV). Even if a TaosNet web server was certified as
being PCI compliant, that does not mean that an individual web site
residing on that web server is PCI compliant. Please contact your web
developer about PCI compliance issues because non-compliance can be the
result of the programming by the web developer that makes up the
content of an individual web site.
TaosNet will not
be liable for any fines, penalties, legal fees or any other liability
incurred by merchant should there be a security breach regarding credit
card or any other sensitive information where a TaosNet server or any
TaosNet network component is a victim of, or a conduit for, such a
security breach and the subsequent fraudulent use of unauthorized
release of said information. Any use of TaosNet services constitutes
your agreement of this disclaimer.
Thank you for your understanding. We stand ready to share with you our
knowledge and experience.
|
