Last day to secure your card data

Today is deadline day if your business handles credit card payments – last chance to get compliant with the data security standards imposed by the payment card industry.

And while it is tempting to see the PCI DSS as something that only affects the biggest merchants, if you take e-commerce payments using Visa, you only need 20,000 of them a year for that issuer to require you to comply.

The data security standard has been controversial in some quarters because it merely sets a baseline for security and can encourage tick-box compliance. It can also lead to a constant sequence of technology upgrades by merchants who do want to meet the standard and have implemented a variety of IT tools to do so.

Yet the PCI is right to be concerned that compliance is still relatively low and threaten sanctions as a result. Since 2005, 80 per cent of all data security breaches by merchants involving payment card information have been among Tier 4 vendors – those with the lowest level of activity. Validation of compliance with the standard by these companies is optional under the industry-wide rules, but individual issuers can decide to require it, as Visa has done.

So the card industry is getting tougher on those who have not yet met what DSS 1.2 requires of them. Suffer a breach and you can get elevated to Tier 1 status despite having a low level of activity. The consequences of that are higher costs and even tighter requirements. The PCI can also impose some eye-watering penalties – €5 per account compromised, a €100,000 breach fee and the possibility of being barred from handling Visa and Mastercard transactions altogether. That is what is likely to hurt most.

As if that were not enough, a revised standard is about to be introduced at the end of October that will tighten up some processes and assume a risk-based approach for assessing vulnerabilities. For companies already complying with the existing standard, this should not be a challenge. For merchants who have failed to get to square one, the threshold will become yet higher.

There was a time when worrying about the safety of payment card information could be seen as a merely commercial problem for issuers with a direct impact on their exposure to theft and fraud. As consumers become ever more active in buying online, however, so their worries about data being kept safe and secure increase. The Internet has made it possible to deal with smaller businesses direct and at a distance. To continue that, all merchants need to take data security seriously. Starting today.
