Five years of experience in the secure payments industry has taught me that accreditations matter. Retailers should apply for them, because an accreditation acts as a mark of quality for your business, reassuring customers that they are transacting with a trusted company that provides a high quality service or product. The principle applies across many industry sectors and disciplines, from looking for the ‘Red Tractor’ logo on chicken in the supermarket to selecting an interview candidate with an industry recognised qualification.
In the payments sector, a variety of accreditations exist to reassure customers that their sensitive information is not at risk of being stolen and used fraudulently. For software and service vendors, most involve a lengthy and in-depth process that assesses the security of many elements of a business: the people, the management systems, the software and the hardware. Few people would volunteer for extra scrutiny without good reason, but within the payments industry customer confidence is essential because of the sensitive credit and debit card information being handled. A vendor that goes the extra mile to achieve accreditation demonstrates its commitment to secure systems and to customer satisfaction.
With so many highly publicised security breaches in the past 18 months involving customer card data, the additional reassurance that accreditation brings is more important than ever. Our own research has shown that 86% of people would shun a brand that had suffered a data breach, causing lasting damage to the brand’s reputation as well as hitting sales. Accreditations tell customers that they can trust you with their sensitive information, ultimately benefiting your brand by building a loyal and growing customer base.
Below are a few of the key accreditations that you should be adopting for your own organisation if you are in the payments industry, or looking out for if you are a customer:
PCI DSS
Now established worldwide, this is the over-arching standard brought in by the card companies to guard against card fraud. Any organisation that handles customers’ credit or debit card information needs to be assessed against the Payment Card Industry Data Security Standard (PCI DSS). The standard is maintained by the Payment Card Industry Security Standards Council (PCI SSC) in response to the ever increasing volume of card transactions and, with it, the growing scale and sophistication of card fraud. Validation of compliance takes two forms, depending on the number of transactions the business handles. The first is an on-site assessment by an external Qualified Security Assessor (QSA), required for organisations handling over 6 million card transactions a year. It produces a Report on Compliance (ROC), which records the assessment methodology used and the merchant’s compliance status. Smaller organisations handling under 6 million card transactions a year can validate compliance by completing an annual Self-Assessment Questionnaire (SAQ), although the exact level thresholds are set by each card brand, and an acquiring bank can require a full QSA assessment of a smaller merchant.
For organisations that have met the PCI standard, validated compliance shows not only that the payment technology is secure but also that internal processes, such as the storage of card and other sensitive customer information, keep that data safe. These processes cover the prevention of security incidents as well as their detection and an appropriate response, which benefits both the retailer and the customer.
Visa Merchant Agent
Being an approved Visa Merchant Agent confirms that an organisation operates a secure and trusted payment system. If you are a business looking to outsource your payment handling to a third party, or a customer who wants to be sure you are dealing with a secure and trusted organisation, it is recommended that you check Visa’s official list of approved agents before dealing