Last day to secure your card data

Today is deadline day if your business handles credit card payments – last chance to get compliant with the data security standards imposed by the payment card industry.

And while it is tempting to see the PCI DSS as something that only affects the biggest merchants, if you take e-commerce payments using Visa, you only need 20,000 of them a year for that issuer to require you to comply.

The data security standard has been controversial in some quarters because it merely sets a baseline for security and can encourage tick-box compliance. It can also lead to a constant sequence of technology upgrades by merchants who do want to meet the standard and have implemented a variety of IT tools to do so.

Yet the PCI is right to be concerned that compliance is still relatively low and to threaten sanctions as a result. Since 2005, 80 per cent of all data security breaches by merchants involving payment card information have been among Tier 4 vendors – those with the lowest level of activity. Validation of compliance with the standard by these companies is optional under the industry-wide rules, but individual issuers can decide to require it, as Visa has done.

So the card industry is getting tougher on those who have not yet met what DSS 1.2 requires of them. Suffer a breach and you can get elevated to Tier 1 status despite having a low level of activity. The consequences of that are higher costs and even tighter requirements. The PCI can also impose some eye-watering penalties – €5 per account compromised, a €100,000 breach fee and the possibility of being barred from handling Visa and Mastercard transactions altogether. That is what is likely to hurt most.

As if that were not enough, a revised standard is about to be introduced at the end of October that will tighten up some processes and assume a risk-based approach for assessing vulnerabilities. For companies already complying with the existing standard, this should not be a challenge. For merchants who have failed to get to square one, the threshold will become yet higher.

There was a time when worrying about the safety of payment card information could be seen as a merely commercial problem for issuers with a direct impact on their exposure to theft and fraud. As consumers become ever more active in buying online, however, so their worries about data being kept safe and secure increase. The Internet has made it possible to deal with smaller businesses direct and at a distance. To continue that, all merchants need to take data security seriously. Starting today.
