What is PCI compliance and SSL Certificates?

Web businesses that do online payments and online retails may come across the terms PCI compliance and SSL certificates. Sometimes these are mentioned in your hosting packages. What do they really mean?

You are about to find out more about these two terms in the article below. It is important that you know a couple of common and important terms when it comes to eCommerce so that you can fully understand the operations of your web business. It is not enough that you have good product photos and cheaply-priced products. You need to know your selling requirements and the steps you need to do so that your consumers are all safe from account fraud and hacking issues.

What is PCI compliance?

PCI stands for Payment Card Industry. It is a set of standards that a payment facility must adhere to in order to make sure that the transactions are effective, efficient and above all, safe. This comprises of four merchant levels that vary in income and capability. Each level has its own set of features that are “activated” whenever you reach a particular level.


The highest level is level 1, for merchants processing over 6 million Visa purchases per year. The lowest level is level 4, for merchants that have below 20,000 Visa purchases per year.


Why do you need it?

PCI compliance is great for merchants who want extra security and reliability in their services. This assures you that more payment gateways may want to work with you. Plus, some banks apply fines for merchants that are not PCI-compliant.


So if you are a small retailer, what are you to do? The easiest thing is to try to be PCI-compliant on your own OR get pre-built payment gateways and shopping carts so that you don’t need to worry about the nitty gritty details.


What is an SSL certificate?

An SSL certificate, on the other hand, relates to the mode of encoding of your data, as it is being transferred from your server to the browsers that read and view your pages. This is relevant in terms of making sure that the data that goes through your site, from usernames and passwords to credit card information, remains encrypted. The encryption key, is controlled by you, so that in the ideal world, your server is the only one that can decrypt the information properly.


SSL certificates block a huge amount of attempted hacks into secure systems. This is important for services that handle confidential information.

Do you really need all these layers of security?

Only you alone can answer that question. It really depends on what sort of data your site is handling. For some, this may just be unnecessary layers and expenses but for others, it may be the backbone of their business.


For those who have similar sites like the one below, you can easily skip these security layers:

  • Blogs
  • Brochure-like web pages that don’t have login accounts
  • User-generated content sites that don’t need to tightly protect their data


However, you may need these things if you are a:

  • Credible news page
  • Banking or any financial institution
  • eCommerce sites that accept online payments and transactions


Kim is a free lancer writer of iPage Review.