Hello everyone, I just joined this forum because I have a PCI compliance question, but it looks like a great place so I hope to become an active member here.
To start out, I've been messing around with websites for about 11 years now, first with the hovercrafts I build, then my V8 bug I'm building. Both are personal sites, no ecommerce.
I work as an Assistant Facilities Manager for a local aluminum foundry, and about a year ago they were looking to update their crappy website, and that is when I started running my employer's website, which is strictly an informational site trying to draw in new customers, no ecommerce. With major changes, new content and pictures, and a lot of SEO work, we now come up on the first page, if not in the first couple of search results.

So far this year that has got us about $500,000 in new sales annually.

Anyways, we just got a new customer and a $1,000,000 contract for parts, and seeing what I did with this website, they are wanting to have me build them a new website, manage updates, SEO, etc. I don't have a problem building the website, but they are an ecommerce site and sell their product on their website using a shopping cart.
I have no experience with shopping carts, but I've been looking at precisionweb who has shopping cart services built into their hosting, and I know there are other shopping cart services out there. Looking at this stuff I'm pretty confident I could do the whole shopping cart thing and such.
But this is where the PCI compliance comes into play; obviously I have no experience with this. At first I thought using a 3rd party shopping cart service would shift this away from me, but from what I'm reading it's not that simple.
I'm just worried about this because if I mess up the PCI stuff and this company ends up getting big fines, not only do I lose the website job, but it's going to affect the business my employer gets, and probably my job, or at least the webmaster portion of my job at my employer.
How much work (and risk) is involved with getting PCI compliant? Is it fairly simple to do and I'm just overthinking it because it's something new? Any ways of shifting the PCI stuff to a 3rd party, easy ways to deal with it, etc.?
I'd really like this job for the extra money, but I don't want to risk my "real" job or risk my image with my employer or customers.
BTW this company would be probably a level 4, or at the most level 3.
Thanks for all the help, I really appreciate it and I look forward to participating in this forum.