PCI CISP Compliance and Online Credit Card Security

Online retailers continue to struggle to understand PCI CISP compliance and to adhere to standards that enforce best practices for online credit card security.

Achieving PCI CISP compliance is a complex and daunting task for any merchant, but for online merchants it can be especially confusing to conform to standards that ensure online credit card security. Every party or piece of software that participates in the credit card processing chain must be compliant in order to meet the industry requirements. For e-commerce merchants, that processing chain typically includes many players: the shopping cart, which collects the card data; the payment gateway and merchant account, which process the card; and the hosting or data center infrastructure on which the store and gateway reside.

To add to the pressure and confusion associated with PCI CISP compliance, the media continues to report news of credit card data breaches on a daily basis. Merchants with even a single security breach face extremely hefty fines, revocation of their card processing privileges, and significant brand damage, which can put them out of business altogether!

So, how great is the risk when dealing with online card security?



In 2000, North American e-merchants lost an average of 3.6 percent of their sales to stolen or fraudulent credit cards.

Even though the percentage of fraud has decreased, the overall value of the products being stolen from merchants rose from $1.5 billion in 2000 to $3.6 billion in 2007.

Unlike brick-and-mortar retail card transactions, where the merchant bank bears the responsibility of covering losses from fraudulently acquired merchandise, e-merchants are most often left liable for the cost of fraud because they conduct "card not present" transactions.

Across the board, the cost of managing fraud exceeds the cost of fraud itself by as much as 300 percent, according to a recent Precharge report.

Source by Taunia Kipp
