I’m excited to see this white paper on PCI compliance published today. This couldn’t be better timing for me, as I plan to spend the next few days on final shopping cart QA and security checks for the gench site.
It looks like most of the recommendations are pretty straightforward, but the big takeaway is that I have to make sure the shared hosting service for the new gench e-commerce site is PCI DSS compliant. Something tells me EarthLink probably isn’t compliant (their support guy once asked me for my password!!!).
My client is reluctant to move the gench site to another hosting provider, but we may have to if we want to avoid the huge fines and headaches non-compliance could entail.