Data breaches have unfortunately become commonplace in the ever-growing world of e-commerce, retail data storage, and online transactions. If you’re a merchant who accepts credit cards, you are probably well aware of the need to protect your customers’ personal and financial data, as well as the term PCI Compliance. However, you may not be as familiar with the technical aspects of complying with the required security standards, or with how these standards came to fruition. As EMV takes on payment card security at retail locations, PCI Compliance has become especially important to the eCommerce business owner.
For businesses with eCommerce merchant accounts, PCI compliance is the general term used to identify what they must do in order to protect customer data.
PCI stands for payment card industry. The need for data security arose in the late 1990’s and early 2000’s, as businesses began to use the Internet to sell items and/or process transactions. As the number of businesses adopting this new type of “store” increased, so did the number of cyber criminals, who sought to hack payment processing systems and networks with the intent to steal data. In order to combat this growing cybercrime, Visa introduced a security standard called the Cardholder Information Security Program. It was not particularly successful, because there were many differences between security in North America and the international community. Visa wasn’t alone in this failed attempt – other card brands such as MasterCard and Discover also tried unsuccessfully to develop a security standard.
As fraudulent activity continued to grow, credit card brands began to feel a sense of urgency about the issue, and they began working together. In late 2004, PCI DSS, short for Payment Card Industry Data Security Standard, was introduced as a comprehensive measure for merchants. PCI Compliance was born, and has continued to evolve as criminals continue to outpace the industry’s ability to upgrade. This has led many to consider PCI Compliance a nuisance, and has led to merchant resistance. However, now more than ever, it is important to realize that businesses really are the front line of defense against identity theft and credit card fraud, because no matter how secure the payment processing system is, the weak link is usually at the business itself.
As of 2016, a majority of merchants have met the PCI compliance standard initially introduced.
However, as thieves find new ways to gain access to data, new methods of protecting that data must be implemented as well. The Payment Card Industry Security Standards Council was established in 2006, and recognizes that protecting consumer data is a necessity. It continually works to release newer and better security technology to protect online merchant accounts.
If you have an online merchant account or an eCommerce merchant account, it could be easy to let security updates slip through the cracks.
However, ALL businesses, and in particular small businesses that might not have the funds to perform upgrades, are at greater risk of losses if security standards are not maintained. Losses from a security breach can be financial, and can include customer reimbursements, as well as audit and consulting services. In particular, at the retail level, merchants who are not in compliance with the deadline to switch to EMV-compliant terminals (EMV is short for Europay, MasterCard, Visa and includes chip-embedded cards) will be liable for fraudulent transactions. Damages can also occur in less quantifiable ways, such as damage to your business reputation. People do not want to shop where their information might not be adequately protected. Lost customers equal lost revenue – don’t allow your business to get a reputation for being hacked.
The PCI Security Standards Council has produced a “Guide to Safe Payments,” which every business owner should read.
It covers topics such as understanding the security risk to your business, and provides definitions of key concepts. It also provides an excellent description of payment system types and the risks associated with each. In addition, it provides a checklist on how to protect your business, as well as some key points on how to better protect customer data. There is also a very comprehensive list of resources on a variety of PCI topics. If you’re serious about security, this booklet is mandatory reading.
If you need assistance understanding your merchant account or PCI Compliance, give Bankcard Brokers a call and let one of our certified payment professionals guide you to the best merchant account solution and security for your business.
Maybe you just need the most competitive and service-oriented ecommerce merchant account available. Get started today with our simple and secure 5-minute application and receive a state-of-the-art secure gateway for your website absolutely free!