Protecting your online business from data fraudsters

The term ‘card data theft’ conjures up images of hidden card skimming devices, corrupted cash machines, and characters rooting through people’s rubbish bins.

By Clive Kahn, CEO of CardSave

Yet with figures from Experian showing online fraud up 300 per cent since 2010, it is clear that those selling products or services online are no safer from fraudsters after card details, and need to take protecting their customers’ sensitive data seriously.

The consequences of a data breach are serious and can include legal action, damage to reputation, and ultimately loss of business. The Payment Card Industry Data Security Standard (PCI DSS) was drawn up to help retailers protect their customers’ card information.

Unfortunately, however, the message of PCI has been relayed in a way that is complicated and confusing for many small retailers who just want to get on with trading. For them, PCI compliance can seem like a complex paper shuffling exercise.

In an effort to simplify PCI compliance, here are five no-nonsense essentials that online sellers should consider to ensure that their business is protected from data breaches:

Remain aware – It is essential when protecting your e-commerce business to be aware of the risks. This means being constantly mindful of the threat of attack, including which parts of your business are likely targets (your website, your network, your firewall and so on).

It also involves a more general awareness of your duty to your customers. You should conduct your business in a way that does not compromise their personal data, and work to ensure that staff are up-to-speed as well.

Instil best practice – Whilst explanations of PCI DSS often overcomplicate data protection with an elaborate jumble of acronyms and jargon, many of the actions that online sellers should take are common sense and practical.

These include never writing customers’ credit or debit card details down on paper or keeping them in any accessible computer format (a spreadsheet, an e-mail, a log file), and keeping anti-virus software up to date. If good practice becomes ingrained in the daily functioning of your business, protecting customer card data will simply be an extension of this.
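A worked example of the ‘no accessible computer format’ rule, added here and not CardSave’s or the PCI Security Standards Council’s code: a small Python filter that finds card numbers in application log lines and masks them before the lines are written. It uses the Luhn check that every card number satisfies so that order numbers and invoice ids are left alone, and it keeps only the first six and last four digits, the most PCI DSS permits to be displayed. The log lines are constructed for this example (the card numbers are the well-known 4111… and 5500… test numbers), and the regular expression for candidate numbers is this example’s own assumption about how card numbers appear in free text.

```python
import re

# A card number (PAN) is 13 to 19 digits; in free text it often carries spaces
# or dashes between groups, so match digits with optional single separators and
# require no digit immediately before or after the run. (Assumed pattern.)
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn mod-10 check every card PAN carries."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits (the most PCI DSS lets you display)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_pans(text: str) -> str:
    """Replace every Luhn-valid card number in text with its masked form."""
    def _sub(match):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw              # order numbers, invoice ids etc. pass through
        return mask_pan(digits)     # separators are dropped in the masked form
    return _PAN_CANDIDATE.sub(_sub, text)


def redact_log(lines):
    """Apply redact_pans to every line; call this before the lines reach disk."""
    return [redact_pans(line) for line in lines]


# Constructed sample log lines (not real transactions). The first line also
# carries a 16-digit order number that fails Luhn and must stay untouched.
SAMPLE_LOG = [
    "2013-06-11 10:02:17 order=1234567890123456 card=4111 1111 1111 1111 amount=49.99",
    "2013-06-11 10:02:18 card=5500000000000004 status=declined",
    "2013-06-11 10:02:19 invoice=9876543210 customer called about refund",
]


if __name__ == "__main__":
    for line in redact_log(SAMPLE_LOG):
        print(line)
```

Redacting is a stand-in for not storing: if a full card number ever has to be kept, PCI DSS requires it to be rendered unreadable (strong encryption, truncation or tokenisation), and the simplest way to stay clear of that is to let a hosted payment page collect the card details so they never reach your own logs at all.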

Do your homework – PCI DSS applies to every merchant that accepts card payments, without exception. If businesses cannot demonstrate compliance, they risk sizeable fines and the suspension of their right to process card transactions.

Depending on the size of your e-commerce website and the number of transactions you process each year, you will be required to do anything from completing a Self-Assessment Questionnaire (SAQ) to undergoing an onsite audit by a Qualified Security Assessor (QSA).

For online business owners who do not wish to become embroiled in the process themselves, there are a whole host of PCI solutions vendors out there that can help with compliance, though for smaller businesses (especially those whose own systems never collect or store card data) this shouldn’t be necessary.

Carry out vulnerability scans – Most online sellers can achieve compliance by using PCI compliant payment gateways and shopping carts, so that card details go straight to the provider and never touch the merchant’s own systems.

However, any online business whose own systems transmit, process or store cardholder data over the internet is required to have its internet-facing systems scanned for vulnerabilities at least quarterly, and after any significant change, to reveal any security weaknesses that could lead to card data being compromised. The PCI Security Standards Council publishes a list of Approved Scanning Vendors (ASVs) that can carry this out.

Pick the right vendor – There are payment providers that specifically cater to the needs of online sellers, making the process of becoming compliant simpler. Ensuring your provider offers solutions (such as hosted payment pages and shopping carts) that are already PCI compliant will make the process a great deal simpler.

Cardsave.net
