In the fourth blog in the series of five we examine the fourth theme from the Sage Pay report on e-Commerce for 2013: PCI Compliance.

For 2013 five themes were identified that small e-businesses should be focusing on right now. These are:
- PCI Compliance
- International Trade
This year, 5% of small e-businesses are still failing to comply with the regulations while a further 18% don’t know whether they are compliant or not. Given the high penalties for non-compliance, these are very worrying numbers – almost a quarter of small e-businesses taking part in the benchmark are laying themselves open to significant fines. These often run into tens of thousands of pounds, with the ability to do serious damage to your business. And more than this, potential fines are unlimited.

PCI and your business – what you need to know

So why do you need to be PCI compliant? It is important to help prevent customers’ data being stolen by hackers. There is a widespread and very lucrative trade in stolen credit card information, and any successful breach of your security would also have an untold negative impact on your reputation.

So what do you need to know?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of best practices that includes, among other things, the requirement to protect data behind firewalls with robust passwords, to encrypt transmission of cardholders’ data, to stay up to date on virus protection and to control who gets to see what.

There are four levels of PCI compliance. The chances are that as a small e-business processing fewer than 20,000 transactions a year, you only need to satisfy the lowest level (Level 4) – especially if you outsource to a third-party payment service provider such as Sage Pay, which is already Level 1 certified. Fortunately, this is pretty simple to do and, if you’re outsourcing your payments, requires little more than completing an annual self-assessment form. If you host your own payment system, you may have to comply with more stringent requirements, and as you grow the demands become steadily stricter. To be clear, although not currently a legal requirement, being PCI compliant is industry best practice that helps protect you, your customers and your business.

You can learn more at pcisecuritystandards.org

The 4 levels of Security

Level 1 – Any merchant processing over 6 million card transactions per year (however they accept them). This includes any merchant that the card provider, at its sole discretion, determines should meet the Level 1 merchant requirements.

Level 2 – Any merchant processing between 1 and 6 million card transactions per year.

Level 3 – Any merchant processing between 20,000 and 1 million card e-commerce transactions per year.

Level 4 – Any merchant processing fewer than 20,000 card e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1 million card transactions per year.

The three threats of non-compliance
- Your customers are not protected
- You face unlimited fines
- Your reputation is at risk