Compliance saves

Companies can assist retailers to secure online transactions through PCI DSS compliance.

By Simeon Tassev, MD of Galix
Johannesburg, 05 Nov 2015

Online shopping has seen significant growth in the South African market, as the Internet has become more affordable, available and easily accessible. This is driving more businesses towards e-commerce in one form or another, with many companies moving to solely online platforms due to the affordability and ease of operation associated with this model.

In addition, technologies and apps such as the cloud, social media, file storage options such as Dropbox, online project managers and the Internet of Things (IoT), to mention a few, are driving businesses towards online business management. As companies move online, it becomes more important than ever to secure any and all transactions taking place through this medium, to protect both the business and its customers.

One of the most important aspects of this is ensuring that credit card and online transactions are processed securely, as fraud in this space is an escalating problem. In addition, this information is subject to regulatory compliance requirements, including the Protection of Personal Information (POPI) Act. Compliance with the Payment Card Industry Data Security Standard (PCI DSS) can help organisations to protect all customer data, including credit card details, geographical location and more. POPI compliance can also help secure these transactions, preventing fraud from causing a loss of revenue as well as reputational damage.

Click to shop

While there are no local statistics specifically regarding online fraud, one thing is for certain - it is gaining traction at an ever-increasing rate. This is the direct result of more and more businesses establishing an online transaction-based presence, from traditional brick-and-mortar retailers to purely online-based stores, and even companies selling subscriptions to their services via a Web portal. In addition, with more businesses making use of cloud services, their online presence is amplified, making this arena ripe for fraudulent and criminal activity.

Where the money is, the crime will naturally follow. Web-enabled mobile devices and applications, as well as online payment gateways and new methods of payment like Bitcoin or PayPal, all facilitate online payment, and therefore potentially present vulnerabilities that cyber criminals can exploit.

Since all online trading is done in a 'virtual' environment, cyber criminals are often able to work silently and remotely, with little to no chance of being detected until it is too late. The crimes around payments range from the use of fraudulent or stolen credit cards for purchasing, to defrauding online retailers of confidential data such as credit card details and personal customer information. It is absolutely essential, therefore, for companies to put preventative measures in place to protect themselves as well as their client base.

The reality is that if the correct measures and verifications are not in place, retailers will bear the brunt of fraudulently processed transactions. However, if they have put validations and verifications in place, and all reasonable measures have been taken to prevent fraudulent transactions from being processed, they cannot be held liable. It is therefore essential that these measures are implemented correctly. This is where the PCI DSS standard comes into play.

Compliance with the regulations laid out by PCI DSS is compulsory for all merchants that process credit card transactions. However, it can also go a long way towards ensuring data and payment card security, thereby protecting the business and facilitating compliance with POPI. The PCI standard specifies the minimum controls, systems and processes that should be put in place to verify and validate credit card-based payments. However, in order to ensure full protection, it is advisable to go beyond the minimum requirements alone. This requires businesses to understand the relevant compliance requirements, implement them and adequately train staff to adhere to them. Furthermore, it needs to be established what kinds of systems and solutions are available to provide adequate protection.

Operating effectively online means ensuring the security of systems, which in turn requires an understanding of PCI requirements and other compliance regulations, as well as of the solutions available. Partnering with a qualified, expert provider can help organisations to maintain compliance and secure their systems, by ensuring that systems are monitored for alerts and that security solutions are maintained and kept up to date with the latest patches.

For resellers, this offers a significant opportunity. Partnering with a PCI and data security specialist can help resellers augment their service offering and enable them to become a trusted, value-added partner in reducing fraud, protecting personal information, and ensuring compliance with relevant regulations and legislation.

Companies have worked hard to build their reputations and should secure that success by securing their customers' payment card data. Ultimately, customers depend on the service provider to keep their information safe - repay their trust with compliance with the PCI Security Standards.