E-Commerce

Due to recent changes in the rules used to secure credit transactions, TaosNet no longer offers hosted e-commerce solutions. We wish to share with you some important information affecting e-commerce that will no doubt impact the way you do business. This message is primarily directed to any merchant who takes credit card payments for any products sold or services rendered, but should also be of interest to anyone who uses credit cards. The credit card industry has developed Payment Card Industry Data Security Standards (PCI-DSS) to protect cardholder data and reduce fraud rates, especially with the tremendous growth of on-line stores. In essence, the credit card industry is pushing the cost and responsibility for credit card fraud to you, the merchant.

If you are a merchant who takes credit cards as a form of payment, you have been or will soon be contacted by your credit card processing vendor about becoming PCI compliant.

TaosNet works at the forefront of emerging issues that affect our clients and community at large. It is for this reason that we have taken it upon ourselves to inform you, our clients and friends, of the sweeping changes that are currently occurring in the credit card industry. The buzzword for all merchants who take credit cards as a form of payment is "PCI Compliance". This affects every such merchant, whether credit card info is taken on-line, in your retail location, over the phone or by any other means. You will eventually, if not already, be required to be "PCI compliant" if you want to continue to take credit cards as a form of payment. Failure to do so and any breach of security resulting in unauthorized release of any credit card information that a merchant has taken at any time may result in very large fines imposed on the merchant by the credit card companies. We have seen this happen, and the results can be devastating. This responsibility lies solely with the merchant as part of the merchant’s agreement with their respective credit card processing vendor and the credit card companies themselves.

TaosNet has become familiar with some of the issues involved with PCI compliance and is willing to assist our clients in becoming PCI compliant. Please contact any of us, and we will be willing to consult on your individual needs and concerns.

For those merchants who do not take any credit card information via the Internet in any way, but do so at their business location, you will still need to prove PCI compliance. Regardless of how you store the credit card data, whether on paper or electronically on any local computer/server or Point of Sale (POS) system at your business location, you must be aware that certain security policies must be followed to be PCI compliant.

For those merchants who do accept on-line credit card transactions, please read on. Your risk and responsibility for PCI compliance increases dramatically. The cost in money and time to become compliant may be significant. TaosNet hosts a large number of web sites, some of which are very simple and more resemble the standard printed brochure advertising a business.

While TaosNet does not monitor the content of web sites hosted, there are a number of hosted web sites that provide a means to accept credit card information on-line. Some may be simple "contact" type forms that email submitted forms. If these forms include any credit card information, a dangerous situation arises because email is usually not very secure, if at all! Other web sites may use one or more of a number of different shopping cart systems ranging from simple to very sophisticated. This software may or may not be PCI compliant, and may or may not even reside on the same server as the rest of the website, compounding issues of compliance control. Because TaosNet does not monitor content or the quality of the web designer's programming code that makes up the web site, and for many other reasons, TaosNet must provide this disclaimer.

While TaosNet attempts to maintain secure, reliable and updated web servers, email services, name servers, and other service and system components, TaosNet makes no guarantee that this is always the case. Nor does TaosNet guarantee that any of its servers will always be PCI compliant when scanned by a PCI Security Standards Council Approved Scanning Vendor (ASV). Even if a TaosNet web server were certified as being PCI compliant, that does not mean that an individual web site residing on that web server is PCI compliant. Please contact your web developer about PCI compliance issues, because non-compliance can be the result of the programming by the web developer that makes up the content of an individual web site.

TaosNet will not be liable for any fines, penalties, legal fees or any other liability incurred by the merchant should there be a security breach regarding credit card or any other sensitive information where a TaosNet server or any TaosNet network component is a victim of, or a conduit for, such a security breach and the subsequent fraudulent use or unauthorized release of said information. Any use of TaosNet services constitutes your agreement to this disclaimer.

Thank you for your understanding. We stand ready to share with you our knowledge and experience.