Protecting your customers’ payment data


As business cyber breaches continue to make headlines across the world, payment data protection has become increasingly important to customers.

Rather than responding reactively after a cyber attack has occurred, it is vital that businesses have plans and policies in place to mitigate the risk of a breach. Solutions such as secure payments software will help ensure that your company retains a positive reputation among loyal clients.

Not only is information security important for protecting your business’s payment data, but it can also help minimise customer churn and support vital recurring revenue streams.

In fact, the latest Retail Perceptions report from Interactions Marketing found close to half (45 per cent) of shoppers do not trust retailers to keep their information safe.

The survey, “Retail’s Reality: Shopping Behaviour After Security Breaches”, revealed that 12 per cent of loyal customers would stop visiting a favourite store if their data was breached. Additionally, more than one-third agreed they would shop at these retailers less frequently.

Of those who choose to continue offering their custom to a breached business, 79 per cent will do so only if they can use cash instead of credit cards. Furthermore, more than a quarter (26 per cent) of the shoppers admit they will knowingly spend less than before a breach.

This is a troubling statistic for any business that relies on eCommerce payment solutions and any other format that requires the use of credit cards or direct debit.

Protecting your business against cyber intrusion

Fortunately, protecting your business against cyber intrusions does not have to be difficult. Ensuring your customers’ payment data is secure can be managed in a few simple steps.

In particular, the Payment Card Industry Security Standards Council (PCI SSC) has created a Data Security Standard (DSS), designed to help businesses develop “a robust payment card data security process”, the PCI website explains.

This framework includes steps to increase cyber security at every stage of the process, including the prevention and detection of, and response to, breaches and related incidents.

Any organisation, whether trading online or offline, that receives, processes or stores payment data should maintain PCI DSS compliance. This is particularly important as regulations change: the latest version of the PCI DSS will become compulsory for some merchants by December 31 2014.

For those businesses reviewing their cyber security policies this year, investing in an eCommerce payment solution that complies fully with the PCI DSS requirements is the best way to ensure that your customers’ data and financial security are protected.

PCI DSS-compliant payment options are significantly more secure than non-compliant alternatives, thanks to a range of data protection controls. These include firewalls, encryption, ongoing scans and evaluations, penetration testing assessments and monitoring solutions.

Making use of a PCI DSS-compliant eCommerce solution is one of the most cost-effective and efficient ways of achieving a respectable level of payment data security.

Beyond PCI compliance

While compliance is an important step when handling customers’ data, PCI SSC General Manager Bob Russo urges businesses to consider security across the whole enterprise.

Speaking to SecurityWeek last month, Mr Russo explained that one of the key challenges to data protection is businesses focusing on reaching compliance and then making no further plans.

“Compliance does not equal security,” he said. “We have to change the conversation in the boardroom and all the way down and across our businesses. Security has to be a daily priority, built into business practices, not a one-time effort.”

Mr Russo believes a shift needs to be made in how companies think about and view security. Rather than simply seeking compliance, businesses should consider security strategies across the entire process.

“Security requires a daily coordinated focus on people, process and technology and must be part of business as usual,” Mr Russo concluded.

While the first step should be to adopt an eCommerce payment option that adheres fully to the PCI DSS, organisations should also be investing in cyber protection and security for all business functions.