PCI Compliance: Why your customers should know about PCI DSS
If you were to ask shoppers in the street to name an online payment protection process the chances are they would know about Verified by Visa, 3D Secure, Mastercard SecureCode or even Safekey from American Express but most would draw a blank at the mention of PCI DSS. Why is this and why doesn’t it come as a surprise?
The Payment Card Industry Data Security Standard (PCI DSS) was created by Visa®, MasterCard®, JBC®, Discover® and American Express® and is made up of 12 requirements designed to secure business systems that store, process or transmit card holder data and is meant to protect consumers and merchants against security breaches. However, beyond the payment industry including merchants, suppliers, acquirers, VISA and Mastercard what does it really mean to people and why aren’t consumers aware of its importance?
Customers need confidence
Who pays the fine?
Some merchant acquirer companies have started to levy a surcharge on suppliers and merchant organisations that are not PCI compliant to encourage them to go through the full process of compliance. This can be an expensive exercise because to achieve the top level of compliance, Level 1, an Attestation of Compliance (AOC) is needed which must be completed by an independent Qualified Security Assessor (QSA) along with a Report on Compliance. QSAs cost money and have very exacting standards. But do the benefits outweigh the costs and time involved?
Matthew Tyler, CEO and QSA at Blackfoot believes so, “Only greater public awareness will prove the real value of PCI DSS and lead to reduced fines and improved security. People will ultimately choose to transact with those organisations they have confidence in and they know are PCI compliant.”
Greater Public Awareness
If the public had a clearer understanding of the importance of PCI DSS people would only purchase from those organisations who demonstrate full PCI compliance, therefore reducing the instances of lost data and fraudulent activities. The welcome result of this would be fewer fines, lower prices and less sleepless nights worrying about security.
To my mind it is simple – use the money raised in fines and levies to promote the relevance of PCI DSS so that customers look out for the PCI Sign when making a purchase and paying by card. This will benefit everyone, improve security and raise the profile of PCI DSS to level it deserves.
About Encoded
- Reduce costs by automating business processes
- Increase sales by offering new fulfilment channels
- Improve customer service by maximising resource efficiency
Encoded was established in 2001 to offer affordable, pay-as-you-go solutions to the growing telecommunications requirements of small and large businesses. Today, the company’s software regularly supports 30 million customers and 10 million calls globally and automates £60 million of secure payments without operator intervention.