The main requirement for online-shop is PCI DSS compliance. Payment Card Industry Data Security Standard (PCI DSS) - a security standard initiated by Visa, MasterCard, Diners Club, AmEx, JCB and regulating plastic cards data storage, receipt and transfer operations (magnetic stripe, CVV codes, track data etc). Compliance with this standard is mandatory for the Merchant. If Merchant's transactions don't exceed 20 000 card transactions a year and he doesn't keep records of the plastic cards and doesn't have eye contact with the cardholder he is a Category 4 Merchant in the "PCI DSS" security standard that doesn't need to give the Self Assessment Questionnaire to the bank.
- Merchant 1 - more than 6 mln. transactions
- Merchant 2 - from 1 to 6 million transactions
- Merchant 3 - from 20 000 to 1 million transactions
- Merchant 4 - up to 20 000 transactions + conditions described above
Merchant categories 1 through 3 must pass regular security audits of their resources, so-called PCI DSS compliance.
Merchants have to pass PCI DSS compliance audit annually. Merchants in categories 1-3 have to pass an Annual on-site Security Audit.