The beauty of the internet is attracting customers from around the world – unfortunately it also means attracting the attention of fraudsters. So it’s essential your payment security is fit-for-purpose.
But fear not, because perception often gets in the way of fact. Online trading is less prone to fraud than conventional ‘in-store’ trading. Research by the global analyst firm Forrester found that, for every £1000 worth of transactions, a company could lose £1 to fraud over the internet compared with £25 offline.
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide security standard developed to protect cardholders' personal information.
It includes requirements for security management, network architecture, software design, security policies and procedures, and other protection of customer account data. The standard is applicable to any organisation that stores, transmits or processes cardholder information.
PCI DSS is a set of six principles that encompass these specific requirements. These requirements are applicable to any organisation holding personal information and are intended to reduce the organisation's risk of a data breach:
The Payment Card Industry Security Standards Council encourages businesses to comply with PCI DSS and become certified to help reduce financial risks from data compromises.
But it’s the payment card schemes, eg MasterCard or Visa, that manage the actual compliance programme. Seek advice from your bank on your specific compliance obligations and how your business can become certified.
Failure to be annually certified can become an issue if you have a security breach and your customers’ card details are stolen. Penalties levied by the card schemes can be heavy depending on the number of cards compromised. Even where a merchant is certified, this does not protect them from potential penalties if it is deemed that their own actions through negligence, omission or accident contributed to a breach.
Where these breaches can occur:
Your website MUST be compliant in this area to trade online. The Information Commissioner’s Office (ICO) is responsible for enforcing this standard and can impose penalties of up to £500,000 for serious data breaches. So if you’re not sure if your site complies, speak to a professional web security specialist. Or it could cost you!
Successful eCommerce is largely dependent on customers feeling safe and satisfied that you are doing everything to protect their card details, personal data and transactional history. If you are seen to protect your site, your customers can be satisfied that you are taking security seriously.
Encryption technologies such as SSL and the introduction of 3-D Secure protect online shoppers and their data. By integrating these types of security systems with your site, you will greatly reduce your exposure to the risk of attack from internet criminals stealing data, and to the costs of transactions that turn out to be fraudulent.
Don’t be complacent. But with the proper safeguards in place, your customers’ money as well as your business’ profits will be safe online.
© Copyright 2013 Electronic Payments, All Rights Reserved 99 Giles Street, Edinburgh | Scotland, EH6 6BZ | 08000 248 620