Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

PCI COMPLIANCE – WHY YOUR CUSTOMERS SHOULD KNOW ABOUT PCI DSS

By Rob Crutchington – Director of Encoded

If you were to ask shoppers in the street to name an online payment protection process the chances are they would know about Verified by Visa, 3D Secure, Mastercard SecureCode or even Safekey from American Express but most would draw a blank at the mention of PCI DSS.  Why is this and why doesn’t it come as a surprise?

Rob Crutchington
Rob Crutchington

The Payment Card Industry Data Security Standard (PCI DSS) was created by Visa®, MasterCard®, JBC®, Discover® and American Express® and is made up of 12 requirements designed to secure business systems that store, process or transmit card holder data and is meant to protect consumers and merchants against security breaches. However, beyond the payment industry including merchants, suppliers, acquirers, VISA and Mastercard what does it really mean to people and why aren’t consumers aware of its importance?

Customers need confidence
For customers to transact with an organisation either via a contact centre or online they need to be confident that their payment cards will not be compromised, their personal details are secure and their identities cannot be stolen.  By complying with PCI DSS, merchants and service providers meet their obligations to the payment system and build a culture of security that benefits everyone.  However, not enough is being done to advertise this fact.

Who pays the fine?
In the event of a loss of data or cards being used fraudulently, fines are passed down the chain from VISA and MasterCard at the top to the merchant/retailer at the bottom.  The consumer doesn’t suffer financially as measures are in place and assurances given to prevent this happening.  The fact remains that something has gone wrong and individuals will be inconvenienced and could suffer from emotional stress at the thought of their details being stolen and used fraudulently.  In time this could lead to a reduction in customer confidence in both the method of payment and a reduction in confidence of the retailer who caused the problem.  Surely, all those involved in the card payment industry including merchant acquirers have a duty of care to improve public awareness.  This in turn would benefit consumers as card processing, security and compliance, fraud, fines and penalties are all part of the ‘retail cost structure’ which can lead to increased prices.

Some merchant acquirer companies have started to levy a surcharge on suppliers and merchant organisations that are not PCI compliant to encourage them to go through the full process of compliance.  This can be an expensive exercise because to achieve the top level of compliance, Level 1, an Attestation of Compliance (AOC) is needed which must be completed by an independent Qualified Security Assessor (QSA) along with a Report on Compliance.  QSAs cost money and have very exacting standards.  But do the benefits outweigh the costs and time involved?

Matthew Tyler, CEO and QSA at Blackfoot believes so, “Only greater public awareness will prove the real value of PCI DSS and lead to reduced fines and improved security.  People will ultimately choose to transact with those organisations they have confidence in and they know are PCI compliant.”

Greater Public Awareness
To achieve this greater awareness some of the money paid in fines and surcharges should be used to promote the advantages of dealing with PCI compliant operations.  Once card holders have a greater knowledge and know what questions to ask of their merchants and the payment system as a whole, the benefits will become apparent.
If the public had a clearer understanding of the importance of PCI DSS people would only purchase from those organisations who demonstrate full PCI compliance, therefore reducing the instances of lost data and fraudulent activities.  The welcome result of this would be fewer fines, lower prices and less sleepless nights worrying about security.

To my mind it is simple – use the money raised in fines and levies to promote the relevance of PCI DSS so that customers look out for the PCI Sign when making a purchase and paying by card.  This will benefit everyone, improve security and raise the profile of PCI DSS to level it deserves.