PCI Compliance Creates Consumer Confidence

Have you heard the recent stories about security breaches and thousands, if not millions, of credit card numbers that are being stolen all the time by hackers? Chances are, so have your customers.

The Payment Card Industry Data Security Standard (PCI DSS) was created to help defer some of the negative impressions that were developing around the use of credit and debit cards in consumer transactions.

Merchants who store, process, or transmit sensitive payment card details are required to comply with a set of strict requirements or risk any number of severe penalties, including monetary fines and the loss of the ability to accept payment cards at all. PCI compliance, then, will become one of the most crucial aspects of modern business.

Originally, the fear of using credit or debit cards was generally associated with card-not-present transactions. In other words, the Internet was the major source of real suspicion when it came to doing commerce. The format was so new and different, that no one really knew if they could trust it or not.

But lately a couple things have changed that have shown why PCI compliance is important for any merchant who wishes to build consumer confidence and create a foundation for long term success.

The first change was in the way the Internet insinuated itself into modern lifestyle. Shopping became so incredibly convenient that people were willing to take a few chances for the sake of that convenience. There was also a proliferation of huge, multi-million dollar companies that sold various items online, and consumers were willing to accept the idea that such a large company would surely do everything possible to protect cardholder data.

The second thing that happened was a huge security breach at a large, brick and mortar company. The TJX company has been the poster child for these kind of breaches. Starting in July of 2005, hackers were able to take advantage of several flaws in their systems and steal nearly 100 million credit card numbers over a period of 18 months.

Suddenly, even a transaction where a consumer used a credit card in a face-to-face situation wasn't safe anymore. Not when companies aren't following regulations for PCI compliance, and making several mistakes like insufficient passwords, and transmitting unencrypted data.

Modern commerce relies so heavily on electronic transactions and payment processing that consumer confidence - and, by extension, PCI compliance - needs to be the top priority for any company that wishes to succeed in the modern business world.

The PCI DSS consists of 12 different requirements that merchants must adhere to. These requirements, however, can be time consuming and costly, so many merchants end up procrastinating their PCI compliance.

Why? Because the modern business world (especially in the case of online business) moves faster than it ever has before. And to keep up, many companies sacrifice the long term strategies for the immediate results.

Unfortunately, what these companies are forgetting, is that one of those immediate results is very likely to be a security breach.

The ramifications of a breach are far-reaching and possibly fatal. A company like TJX, a multi-million dollar firm, will likely weather the financial repercussions, Most companies, however, will not. If you suffer a breach before you reach PCI compliance you can be subject to fines as high as 500,000 dollars per incident.

But more than that, the damage to your reputation can be much worse. Even a multi-million dollar firm can be damaged by the loss of their reputation. How many customers will think twice before conducting transactions with them again? And how man will simply choose a competitor instead?

Consumer confidence is one of the most crucial aspects of continuing success in today's fast paced business environment. Generating it can take years. Destroying it can take seconds. PCI compliance is the standard that consumers will look for as we go forward to judge how much you can be trusted.

Andy Eliason is a writer at Main10, Inc. If you'd like to learn more about PCI compliance, or the PCI DSS, visit Braintree Payment Solutions today.