Security
Who’s Afraid Of PCI?
Tuesday 21 February 2012

According to many reports that I’ve read lately, many retailers don’t seem to be afraid of PCI. A recent survey undertaken in the US found that 79% of retailers weren’t PCI compliant; similar surveys undertaken in the UK have produced figures that are just as alarming.

From conversations I’ve had with industry professionals, it seems smaller retailers often don’t even try to comply because they think it doesn’t really apply to them. This head-in-the-sand approach is far from ideal and, at best, dangerous. According to figures from the PCI Council itself, 80% of card data security attacks are now targeting smaller retailers.

But I’ve heard that it isn’t just the smaller retailers that are turning a blind eye. Many industry experts will tell you (behind closed doors) that some larger retailers aren’t implementing PCI compliance because of the expense. I’m told they believe that if there is a breach, or they are caught out, dealing with this situation and the consequential fines will be cheaper than putting measures in place now.

This is an extremely short-sighted argument. Regardless of the fines, think of the damage to reputation. What consumer in their right mind is going to shop at a retailer that has openly admitted that they don’t care enough about their customers’ card security to protect the personal card data?

Admittedly, PCI compliance at first glance does appear complicated, and I can understand why it can be daunting for the smaller retailers. But it is there for a reason and is complicated because of the complex nature of the threat it deals with.

PCI was brought in to protect customer card data from being hacked, stolen and potentially used to commit fraud. Turning a blind eye to the compliance is like saying, “I’m not going to secure my physical retail store with doors, locks, cameras etc. because it is too difficult and expensive.” No shop owner would ever consider this a rational argument. PCI cannot and should not be ignored by any retailer, and in my view, if a retailer thinks it is okay to ignore the compliance, they should not be allowed to accept card payments at all.

Next time… How can tokenisation form a major part of your PCI compliance?

Copyright © 2024 SkyParlour Limited
Registered in England and Wales, Company Registration Number 07009362
Site design by Dan Yuen at Contains Graphic Images