Online retailers leaving credit card data at risk

Only nine per cent of Level One retailers (handling more than six million transactions a year) are compliant with the Payment Card Industry Data Security Standard. But online retailers of all sizes increasingly see compliance as the key to their business success and competitive advantage.

Jason Zemmel, managing director of Half Price Perfumes, said: “Premium brand fragrance is an area where you may find yourself competing with stolen or fake items. We are very careful to ensure that we come across in a strongly ethical and trustworthy light.”

Speaking at a roundtable organised by UKFast, he added: “If you are serious about trading online, be it as an SME, Marks & Spencer or Argos, you have to follow the same rules. While it may be an inconvenience and require a certain amount of extra effort, it is very important that we follow the same standards so that there is a uniform environment for all online retailers, regardless of size. That way you can ensure customer trust and confidence.”

Despite this, Graham Boler, consultant at ECSC, said: “Most merchants are really now only coming to terms with the standard. While the larger retailers have embraced it pretty strongly, in the UK the next tier of high street retailers are only estimated to be about five per cent compliant.”

Visa fines for a data breach by a Level Four merchant (processing under 20,000 transactions per year) rose to £10,000 per breach during 2009. The payment card issuer collected £200,000 each month in fines last year.

Richard Bromley of Ken Bromley Art Supplies added: “When holding customer credit card details, it is a responsibility point to be PCI compliant. By displaying this on our website, it will make customers more confident in dealing with us and increase trust and business.”