PCI compliance

- [Instructor] One of the scariest parts of eCommerce is handling sensitive information like credit card numbers. And because they're so easily misused by a malicious entity, they're heavily controlled by the Payment Card Industry Data Security Standard, aka PCI DSS, which is usually called PCI compliance. The idea of PCI compliance is to keep all consumer credit numbers secure, so there are limitations on what a business can do. Generally speaking, they can't store numbers in plain text. You have to transmit those numbers securely, and you have to limit how many people in the organization can access those numbers. For big businesses that actually store credit card numbers, there is a lot of regulation. Luckily, for most eCommerce companies, you aren't actually storing credit card information. The website sends the checkout page to your browser, which you fill in. The checkout fields go back to the website. But the credit card information is usually sent directly to the payment gateway…
