eCommerce Website Development and PCI DSS Compliance

Bongo IT specialise in eCommerce websites


Our eCommerce platforms turn over tens of thousands of pounds, and makes the customers very happy


The Rise of eCommerce


eCommerce is the fastest growing segment online. In particular in the USA apparel and accessories are now growing faster than any other eCommerce product segment. Health & Beauty is a top performing segment as you might imagine and the online 

ordering of food is growing voraciously, and I must admit Just Eat is very handy. The companies benefitting from eCommerce "done right" are outperforming competitors every time as they are creating loyal returning customers who engage with their 

brand. As you may well be aware return business is roughly 80% more cost effective to maintain than winning new business. 




PCI DSS compliance is now a necessity for all merchants selliing online whether they outsource the services or not. The following is an extract taken from the guidance provided by the PCI Security Standards Council:


"Merchants choosing to sell their goods and services online have a number of options to consider, for example:


  • Merchants may develop their own e-commerce payment software, use a third-party developed solution, or use a combination of both.
  • Merchants may use a variety of technologies to implement e-commerce functionality, including payment-processing applications, application-programming interfaces (APIs), inline frames (iFrames), or hosted payment pages.
  • Merchants may also choose to maintain different levels of control and responsibility for managing the supporting information technology infrastructure. For example, a merchant may choose to manage all networks and servers in house, outsource management of all systems and infrastructure to hosting providers and/or e-commerce payment processors, or manage some components in house while outsourcing other components to third parties.


No matter which option a merchant may choose, there are several key considerations to keep in mind regarding the security of cardholder data, including:


  • No option completely removes a merchant’s PCI DSS responsibilities. Regardless of the extent of outsourcing to third parties, the merchant retains responsibility for ensuring that payment card data is protected. Connections and redirections between the merchant and the third party can be compromised, and the merchant should monitor its systems to ensure that no unexpected changes have occurred and that the integrity of the connection/redirection is maintained.
  • E-commerce payment applications such as shopping carts should be validated according to PA-DSS, and confirmed to be included on PCI SSC’s list of Validated Payment Applications. For in-house developed e-commerce applications, PA-DSS should be used as a best practice during development.
  • Third-party relationships and the PCI DSS responsibilities of the merchant and each third party should be clearly documented in a contract or service-level agreement to ensure that each party understands and implements the appropriate PCI DSS controls. Appendix B of this document can be used as a high-level checklist to help all entities understand which parties are responsible for the individual PCI DSS requirements.


Essentially this all means that you must COMPLY!...Don't worry though we have experience that will guide you through this tricky area. For most people it is a simple form that needs filling in.


Quick Case Study




We met Womersley Fruit & Herb Vinegars at a local evening networking meeting (Experience Chipping Norton), Rupert the owner bought me (Andrew) a pint. Excellent way to start!  After we started talking it became apparent that whilst Womersley had an excellent blog site, and links to resellers, they did not sell their own product online. Further investigation showed that they didn't have great control over their online pressence as some items were being sold on Amazon by 3rd parties but with the Womersley's details meaning Rupert had to field calls for products he hadn't sold directly. it was strongly agreed to get control back of the online sales and start making sales to the general public as well as to trade.




We booked an initial meeting to create a Content Strategy. This outlines where the business is now with it's digital strategy, where it wants to go and how to get there. During this stage we also look at SEO and what this might look like on and off a website. After some off-site work and the presentation of the document we confirmed we could move forwards with building the eCommerce solution. We then agreed on a rough design, fonts, logo and colours before moving forwards. During the next stage (the build) we were in direct contact with Rupert at each stage to review sections as they were added. We exported and rationalised his existing content for it to be better indexed by Google and added some neat features of our own like the mailing list management tool which is built into the website. When it comes to the front end look of the site we enjoyed adding our specialist expertise to use the latest CSS and HTML effects to make it sparkle. During the process we ensured that Rupert had all the correct documentation in place to be PCI DSS compliant. 


Savings! - Vouchers Supplied


Thames Valley Chambers of Commerce had a pot of money to put towards learning digital skills. This covered the creation of a Content Strategy and paid for 50% (cash back) of the website build. The Go-To voucher for Buckinghamshire and Oxfordshire also allowed Womersley to claim an additional £150 back meaning that the total saving was over 50%.




A happy customer who has been taken on a journey, and most importantly can continue his journey with a suitable platform. After just one week Womersley have made back ~50% of the remainder of the website build costs. Pretty good going for a fantastic yet niche brand. Rupert now has more control over the online sales of his brand and we continue to work with him in various capacities.




Southern Oxfordshire New Business Competition Bong...
Do I Need SEO For My Website? I don't understand S...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Wednesday, 29 June 2022

  • At Bongo IT, we know that technology is increasingly dominant and crucial to maintaining business performance and productivity.

    Organisations should make sure they are making the right IT decisions for their current needs, whilst also planning for the future with flexible and scalable solutions.

  • As a special offer, we are offering a FREE one hour consultation to address your current IT setup and recommend an effective strategy for your future requirements.

    Addressing issues such as computer hardware, broadband, data security, file sharing, compliance and more, we’ll help you build a plan and ensure you deploy the most cost-effective IT strategy for your company’s needs.