Payment Processing & Financial Compliance

The Legal Side of Getting Paid

Online stores thrive on smooth, secure payments. But payment systems are also a major regulatory risk area. From handling credit cards to collecting sales tax, mistakes can be costly.

PCI DSS Compliance: Securing Payments

The Payment Card Industry Data Security Standard (PCI DSS) requires all businesses that handle credit cards to:

  • Use secure payment processors (e.g., Stripe, PayPal).
  • Encrypt transmission of cardholder data.
  • Restrict access to sensitive data.
  • Maintain security monitoring and testing.

Even if you don’t store card data yourself, you must ensure your payment gateway is PCI compliant.

Handling Customer Data Responsibly

  • Never store raw credit card numbers.
  • Always use tokenization or third-party processors.
  • Implement two-factor authentication for admin access to financial data.

Sales Tax Obligations After Wayfair

In 2018, the U.S. Supreme Court (South Dakota v. Wayfair) ruled that states can require online sellers to collect sales tax even without a physical presence in the state.

  • This means your store may owe tax in multiple states.
  • Many states set thresholds (e.g., $100,000 in sales or 200 transactions annually).
  • Marketplaces (Amazon, Etsy) often collect on your behalf, but independent sites must track compliance.

Chargebacks & Fraud Prevention

  • Use tools like address verification (AVS) and CVV checks.
  • Have clear refund and shipping policies to prevent disputes.
  • Keep transaction records to fight chargebacks.

Key Takeaways

  • PCI DSS compliance is mandatory for all online sellers.
  • Sales tax rules vary, and compliance is complex after Wayfair.
  • Proactive fraud prevention reduces financial and legal risks.

Action Step: Review where your customers are located and check each state’s sales tax “economic nexus” thresholds. Consider using tax software to stay compliant.

If you want to read more about payment processing & financial compliance, please see Recommended Books.
