Retailers rely on credit cards like restaurants rely on plates, but the danger of broken plates is nothing compared to the danger of lost or stolen credit card information. More retailers are recognizing the importance of protecting this business-crucial information from data breaches, according to a survey of retail IT workers released last month. The survey was conducted by research firm InsightExpress and sponsored by tech giant Cisco.
Companies measure their level of security by looking at how closely they hew to a series of guidelines called Payment Card Industry Data Security Standards, or PCI for short. Nearly 80 percent of retailers surveyed say that PCI compliance increases security, and a huge 92 percent say that PCI compliance measures are necessary. Moreover, 70 percent say they expect spending on compliance to go up in 2011. This makes sense, according to the PCI Security Standards Council, because retailers are responsible for preventing theft of cardholder data, and 80 percent of attacks target small merchants. The consequences of noncompliance can be severe, the Council warns, from fines and penalties, to termination of ability to accept payment cards, to legal costs, settlements and judgments.
Fred Kost, the director of security solutions at Cisco, tells Web Wholesaler that it is important to distinguish among varied types of retailers. "There are different levels of merchants," he explains. "A level one merchant, with six million or more transactions a year, falls under a more stringent set of requirements than, say, a level four merchant, with 20,000 transactions annually. The data at risk there are very different." Over a quarter of survey respondents were level four retailers, and they have different needs compared with the giants who process millions of cards a year. According to Kost, "The burden on a level four merchant is going to be very different from the burden on a level one merchant, based on transactions and what you have to do to show compliance."
For the smallest retailers, the recommendations for PCI compliance include an annual self-assessment questionnaire, a quarterly network scan, and other requirements set by the acquiring bank that processes the credit card transactions. So what is the top priority for smaller retailers who are handling credit cards? "One of the biggest challenges they have, and the weakest link, is training and educating employees," says Kost. Referring to the results of the survey, he adds, "Almost a majority, 43 percent, say that educating employees on the proper handling of cardholder data is the biggest potential concern." For more information on what retailers need to do to achieve PCI compliance, visit PCISecurityStandards.org.
Entire contents ©2016, Sumner Communications, Inc. All rights reserved.