As the capabilities and resources supporting online ecommerce grew, so too did the potential for fraud. In fact, WorldPay reported that in the decade between 1988 and 1998, Visa and Mastercard racked up a staggering $750 million in losses due to credit card fraud. In response, the financial giants helped establish the Payment Card Industry Data Security Standard, or PCI DSS.
And while this standard has changed since it was first implemented in the early 2000s, its purpose remains the same: to provide a unified set of security standards for the protection and safekeeping of sensitive payment card information.
Today, every retailer and ecommerce company that in any way deals with payment card data must adhere to PCI DSS.
Online retailers are valuable targets for cybercriminals: Prevent data breach
These days, it seems that not much time goes by without a new report of a large company falling victim to a data breach that involves customer payment card information. This data – including cardholder names, addresses, payment card numbers and expiration dates and beyond – is especially valuable for malicious hackers. Once compromised or stolen a retailer, payment card information can be used to make fraudulent purposes or drain bank accounts. In other instances, card details are sold to other hackers in order to create more encompassing profiles for further fraudulent activity.
Overall, though, payment card information is some of the most highly sought after data for hackers. This makes the ecommerce companies that use, store and transmit this information popular targets in the cybercriminal world.
PCI DSS helps to inform online and brick-and-mortar retailers of the security measures required to help prevent this malicious activity. When following the guidelines of PCI DSS, companies can create a safer and more secure environment for the storage, use and transmission of payment card numbers and all the sensitive data associated with them.
"Customers want you to properly protect their sensitive information."
Protect brand reputation and maintain customer trust
If an organization does fall victim to a data breach because PCI DSS-mandated security elements were not in place, the event can have damaging effects on the company's overall reputation, not to mention the trust consumers have for the brand. Today's customers are more savvy than ever, and don't take it well when a business violates their trust by not properly protecting their sensitive information.
Reporting on a study from Gemalto, CSO contributor Jason Hart noted that 69% of consumers feel that brands could be doing more to safeguard their data, and another 70% said they'd stop doing business with a company that experiences a data breach.
In this environment, there's simply no room for retailers that don't make the appropriate accommodations to protect cardholder data.
Avoid other noncompliance consequences
As Plante Moran stated, brand reputation isn't the only element at stake for ecommerce companies that don't comply with PCI DSS – these businesses are also at risk for:
- Considerable fines, including as much as $1,000 or more per month.
- Forensic trail audits to determine the root cause of noncompliance. This process can be invasive and very time consuming.
- Other restrictions including no card processing by noncompliant companies.
In this way, it's in the best interest of ecommerce brands to ensure they are completely aligned with PCI DSS standards.
To find out more and to learn how an advanced order management system can help support compliant credit card order authorization, connect with the experts at SFG today.