Nearly 15 percent of consumers said they had abandoned their online purchase during the payment process due to concerns about the site’s security standards. A data breach can do more than temporarily bring down a business: it can ruin customers’ trust in your brand and the ecommerce industry. So how do retailers combat this threat?
PCI compliance plays a part in combating payment fraud and data theft. The Payment Card Industry (PCI) standard governs how cardholder data is collected, stored, and used by ecommerce retailers. Every ecommerce merchant that accepts cards as a form of payment must ensure that its online store is PCI Data Security Standard (DSS) compliant. The Payment Card Industry Council, a group formed by the major card brands (MasterCard, VISA, American Express, and Discover), adopted the PCI DSS to safeguard cardholder data during online payments.
PCI standards are updated regularly to address evolving threats to cardholder security.
Why do ecommerce retailers need to ensure that they are PCI DSS compliant?
Because data breaches can and do happen, a retailer should want to assure its customers that it is taking every measure to safeguard their card data and personal information. Recent research has found that organizations that suffer data breaches are 50 percent more likely to have security guidelines that are too lax.
What is involved?
To be PCI compliant, retailers and service providers must adhere to the following guidelines:
- Have your website and web hosting server checked for vulnerabilities by Approved Scanning Vendors (ASVs).
- Conduct regular company security audits – including employee identification, office environment factors, etc.
- Complete regular PCI Self-Assessment Questionnaires.
You can check out the PCI DSS v4.0 document for more information.
There are different levels of PCI security compliance, depending on the number of transactions a vendor processes.
- Level 1 – Retailers processing more than 6 million transactions per year
- Level 2 – Retailers processing between 1 million and 6 million transactions per year
- Level 3 – Retailers processing between 20,000 and 1 million transactions per year
- Level 4 – Retailers processing fewer than 20,000 transactions per year
The more transactions a retailer processes each year, the higher its compliance level (Level 1 being the most demanding) and the more stringent the policies and guidelines it must follow. At Speed Commerce, we know this process, as our operation is entirely PCI compliant to protect our clients and their customers from a data breach.
What if I don’t comply?
PCI DSS compliance is required by the major card companies. Failure to comply leaves your operations exposed to attackers and puts you in violation of your card processing agreement with these vendors, leading to fines and possibly the loss of your ability to process transactions altogether. So do your research and make sure that you – and your service providers – are doing everything you can to protect your customers.