To be successful, an e-commerce merchant needs several things, like customers and the ability to accept credit cards. But while being able to process credit card transactions is important, keeping those transactions and their data secure is just as critical. In 2017, there were 42,068 data security incidents — just the kind of incidents merchants can potentially avoid by complying with the Payment Card Industry Data Security Standard (PCI DSS).
For every merchant that handles credit card data, PCI DSS security standards aren’t just a suggestion. They’re a requirement. So, when merchants understand, adopt and adhere to these guidelines — improving security throughout the entire payment cycle — that’s good news for customers and retailers.
The PCI Security Standards Council established the PCI DSS payment security standards in 2006 in response to increasing data theft. This council (composed of Visa, Mastercard, American Express, Discover and JCB, the Japan Credit Bureau) wanted to ensure all merchants that accept, process, store and transmit credit card information do so in a way that reduces the risk of fraud, data breaches and data theft.
More than 80% of data stolen in breaches is payment card data, illustrating just how important it is for merchants to secure sensitive customer data while it is in their control. To do so, every merchant handling payment cards must follow these 12 PCI-established control objectives:
A merchant’s transaction volume, card handling method and security breach history determine how often security audits and scans are required and what kind. Many merchants may be eligible to conduct a self-assessment, while larger merchants, or those that have experienced previous breaches, will need an independent Qualified Security Assessor to perform the audit.
There’s no grey area when it comes to compliance. When merchants undergo their regular audits — or when an alleged violation triggers an audit — businesses either pass with 100% compliance or they fail. And those businesses that fail risk compromising their customers’ sensitive data, like credit card numbers, CVV numbers and addresses.
In fact, most major data breaches have occurred at companies that weren’t PCI-compliant at the time of the breach, which should give merchants added incentive to ensure they implement a solution that helps them become — and stay — compliant at all times.
Compromised data isn’t the only thing at risk if merchants don’t comply with established rules. While PCI compliance isn’t a law and penalties aren’t often well-publicized, merchants face substantial repercussions for noncompliance, including:
Compliance isn’t easy to achieve, particularly for small and midsized businesses. In fact, 65% of small businesses don’t meet minimum compliance requirements because of the complexity surrounding the regulations and the expense of implementation.
Here are some steps online merchants should take to ensure they’re protecting sensitive customer data:
When it comes to PCI DSS compliance, merchants don’t have to go it alone. Many service providers and platforms — like PayPal, Stripe and Shopify — offer built-in PCI-compliant solutions that take care of compliance for the merchant. Before tackling solutions on their own, merchants should check with their service providers to see what PCI compliance efforts they might handle.
However, even if merchants outsource their PCI compliance, they are still responsible for ensuring that these outsourced services remain compliant.
Merchants looking to protect their growing business from the penalties and lost business that can come from violating compliance regulations should consider outsourcing fraud protection to PCI-compliant solutions, like ClearSale.
Contact a ClearSale analyst today to see how our fully compliant, comprehensive fraud protection solution can protect your business and your customers against the rising risk of fraud.