Cybersecurity is a big deal, and with the recent data breaches hitting Target and Neiman Marcus Group, it's getting bigger. Consumers are more concerned than ever about the security of their personal and financial information. As a publisher, protecting your customers’ data is paramount to your success in eCommerce. So, let’s talk about PCI compliance.
Providing the safest online transaction possible (and evidence of it) is what gives your customers confidence in purchasing from your site. That’s where PCI compliance comes in.
Mandated since 2001, Cardholder Information Security Program (CISP) certification is intended to protect Visa cardholder data, wherever it resides, ensuring that members, merchants and service providers maintain the highest information security standard. CISP is what drove the establishment of the Payment Card Industry (PCI) Data Security Standard in 2004. Developed through a joint initiative of Visa, Mastercard, Discover and American Express in response to the growing severity of credit card theft, its goal was to protect all cardholder data, wherever it may reside. As a result, the PCI standard set industry-wide requirements for card data security that both merchants and providers must follow.
1) If you sell anything online and accept credit cards as a form of payment, you MUST be PCI compliant.
2) If you are using a hosted solution, your provider must be (CISP) certified and appear on Visa’s approved list.
3) Non-compliant merchants risk class action lawsuits that can result in up to $10,000 in monthly fines, up to $500,000 in fines (per incident) and/or losing the ability to process transactions altogether.
The Value of PCI Compliance
PCI compliance is not cheap. It requires a fair amount of capital to review the procedures that affect data security, document those procedures, and audit the processes periodically. For publishers large and small, it's a daunting task, sucking away resources otherwise focused on management and development. But the cost of not being PCI compliant is far greater.
What’s a publisher to do?
The simple answer is to find a hosted eCommerce system, shopping cart, and payment processor that are already PCI compliant. Outsourcing can offer you significant savings and greater peace of mind. But of course, you don’t want to blindly accept that they are PCI compliant. You need to know what to keep top of mind when addressing PCI compliance:
Clustered databases and application servers
Data center redundancy
Bandwidth diversity; and
PCI compliance doesn’t have to cost you an arm and a leg— but you can’t put a price on what it will save you.