By Jon Whiteaker - 05:35PM - Wed 29th September 2010
As of tomorrow, September 30th, all online retailers must comply with the new payment card industry data security standard (PCI DSS).
PCI DSS was established by payment card organisations to ensure data protection in financial transactions, and requires companies to maintain the necessary levels of encryption, network security, firewalls and access control over cardholder data.
Despite fines for non-compliance, a survey conducted earlier this year by research company Redshift found that only 11 per cent of companies had adopted the guidelines, 27 per cent were putting off compliance and 14 per cent had no intention of following the rules.
Michael Norton, Managing Director of online payment merchants PayPoint.net, said: “PCI DSS is something all online retailers simply cannot ignore – if you’re in business online you need to be able to prove your systems are compliant if you are to avoid a weighty fine.”
Currently, companies which break the new regulations will have to pay $5 (£4.31) for each customer whose data is not sufficiently protected, meaning large retailers could potentially be looking at huge bills.
Dixons Retail (formerly DSGi) recently came under criticism from the Information Commissioner’s Office when staff at PC World failed to destroy physical records of customers’ credit details.
The dangers of exposing clients’ details in this way are obvious, and online indiscretions can be just as damaging, but many small retailers may find it difficult to implement the required changes.
Norton argues that his company can help, saying: “The requirements are steep - the documentation runs to over 70 pages - so many smaller businesses just don’t have the space to do it for themselves.
“Outsourcing the entire payments process to specialist payment service providers can sidestep the issue.
“As these companies have already adopted PCI DSS, their customers comply by default. It means they are safeguarded from future changes to the rules, and can also benefit from additional capabilities, such as online fraud detection.”