Shoppers want online purchasing options: They are an expected convenience these days. From a retail perspective, giving your customers as many opportunities as possible to spend their money makes perfect sense.
But transactions conducted online require special protection. If your customers’ credit card information is compromised, they’ll have to deal with a huge headache, and it will reflect poorly on your company. If such breaches become common, you should prepare for an exodus of business.
The Payment Card Industry Data Security Standard (PCI DSS) is a widely adopted set of security requirements for companies that process or store credit card data. It was designed by a consortium of major credit card companies with the intent of minimizing credit card fraud. Companies that adhere to the PCI DSS receive a compliance certificate that allows them to place a secure transaction emblem on their websites. That compliance is routinely checked.
When it comes to PCI compliance, credit card companies rank businesses at different levels. To become compliant, a business first needs to determine which level each of the credit card companies associated with PCI compliance has assigned it. That level determines which specific safeguards must be put in place, such as Self-Assessment Questionnaires (SAQ) and Quarterly Network Scans (QNS).
PCI is not a law, but those who are not in compliance with it might be subject to fines if their websites are breached and data is compromised.
According to recent figures, 83 percent of data breach victims were not specifically targeted; they were victims of opportunity. That means that even if you operate a quiet, under-the-radar kind of business, you're still susceptible to attack. Of those victims, 89 percent were not PCI-compliant, meaning the data vital to their customers was left vulnerable. If credit card data has been stolen, non-PCI-compliant companies could face fines of up to $500,000 following a breach.
Visa, for example, defines its top-tier merchants (Level 1) as those that process at least 6 million Visa transactions per year. The second tier (Level 2) processes between 1 million and 6 million transactions per year, and the third tier (Level 3) processes between 20,000 and 1 million transactions per year. The lowest tier (Level 4) covers merchants with fewer than 20,000 Visa e-commerce transactions per year, as well as all other merchants, regardless of acceptance channel, that process up to 1 million Visa transactions per year.
A recent study points out that 47 percent of Level 4 merchants were "unsure" about or "not at all" familiar with PCI DSS. Imagine the impact a $500,000 fine would have on those businesses. In addition, 69 percent of the businesses surveyed believed there was no chance they would be the victim of a breach. Isn't it better to be safe than sorry?
To keep your attention on the most pressing issues facing your business, consider employing a managed security provider that takes care of the important background functions needed to keep your online business safe and secure. A managed security provider can give you confidence that your customers' personal information won't fall into the wrong hands.
When combined with your company’s internal administrative and physical safeguards, Hostway’s PCI Complete solution will provide 100 percent coverage of the vital data that powers your business, drastically reducing the risk of a data breach. To learn more about how the solution is right for your business, visit Hostway’s website.
Sources:
http://www.merchantuniversity.org/101-education/security-pci-101/pci-compliance-fines.aspx
http://www.pcicomplianceguide.org/pcifaqs.php#2
http://www.transactionworld.net/articles/2013/january/compliance.html