
E-business boom dud without compliance

By Leigh-Ann Francis
Johannesburg, 01 Jun 2010

Without sufficient security, SA's online retailers will not be in a position to profit from an expected e-business market boom in 2013.

The boom predicted by World Wide Worx's Online Retail 2010 survey means more South Africans will participate in online shopping, opening the market for online fraud as well.

The country is already an online fraud hotspot, with the International Fraud Reporting 2009 study ranking SA sixth among the world's top 10 countries for online fraud perpetrators. The report also highlights consumer complaints of online credit and debit card fraud, which account for 9% of all online fraud complaints.

To counter the rising threat, standards such as the Payment Card Industry Data Security Standard (PCI DSS), designed to protect credit card users and merchants against fraud, are needed to protect the transaction process, as well as the cardholder information.

PCI DSS is the payment card industry requirement for entities that store, process or transmit cardholder data, and has been endorsed by all the major card brands.

“Compliance with standards like PCI DSS is an important element of what we call 'trust strategy', which is a key to the success and sustainability of any online retailer,” says Arthur Goldstuck, MD of World Wide Worx. “When we conduct benchmarking of online retailers' Web sites against best practice, poor trust strategy can count heavily against them,” he warns.

Goldstuck notes that the 2013 boom will happen regardless of whether online retailers are compliant or not. However, for online retailers to take advantage of the boom, the trust strategy and compliance with payment standards are integral.

According to MWeb Business, the payment card industry council has advised payment service providers to adhere to a deadline of 30 September 2010, or face considerable fines and even platform termination. To this end, the company has achieved compliance long before the deadline.

Safe to shop

MWeb Business, which owns and operates the SafeShop online payment gateway, recently became one of a handful of payment service providers in SA to be certified as compliant with PCI DSS.

André Joubert, GM at MWeb Business, explains that SafeShop processes thousands of online transactions every day. “It was, therefore, critical that we achieved compliance to demonstrate to our consumers and banks that we have properly secured our network environment to ensure safe transactions,” he states.

As part of their own compliance procedures, all merchants accepting credit card transactions are required to use a payment gateway service provider that has been certified PCI DSS compliant. MWeb's merchant community using the SafeShop platform is, therefore, assured of conformity in this aspect of the process.

To comply with the standard, service providers must review physical access controls, IT environment, and information policies and procedures.

In MWeb's case, this included providing for the storage of data in accordance with the PCI DSS; separating the front- and back-end servers; and instituting dual-factor authentication in the MWeb data centre to include biometric and access card systems.

Physical compliance measures meant MWeb had to install video surveillance and physical lock-down for the server cabinets in the data centre, as well as install intrusion protection systems and dual-factor authentication for remote access to the environment.

MWeb was also required to draft detailed policies and procedures governing all aspects of the processing, transmission and storage of data in accordance with the PCI DSS.
