By Jenny Hadlow, COO, Checkout.com

The impact of recent UK retailer hacks is still being felt, and the scale of the fall-out won’t be fully understood for some time. What we do know is that customer card details were not compromised, and this is a direct result of PCI DSS compliance.
Vulnerabilities can show up anywhere in the credit card processing environment, including online shopping applications, point-of-sale devices, and even when cardholder data is transmitted to service providers. The Payment Card Industry Data Security Standard (PCI DSS) is a critical piece of the fraud prevention puzzle that protects businesses and consumers against these vulnerabilities.
The threats and vulnerabilities are multiplying
The M&S system breach is one of many well-publicised attacks by hackers trying to hold brands to ransom in exchange for not releasing stolen customer data. Other attempts are constantly taking place under the radar, all with the potential to succeed. And while multi-factor authentication log-ins have become standard since 2018, the unavoidable truth is that the sophistication and diversity of threats posed by cybercriminals continue to increase.
As the digital economy continues to grow, the huge benefits of doing business online are inevitably accompanied by new and evolving vulnerabilities. By its very nature, the digital economy operates on card-not-present transactions. In lieu of a physical interaction between consumers and merchants, payment security needs to be watertight so both parties can be confident the other party is who they say they are at the point of payment and that the transaction is authentic.
Further, enterprises participating in the digital economy have vast digital ‘environments’. These can lead to multiple access points, which may be hard to identify, let alone protect. These touchpoints sprawl across supply chains, employee laptops and smartphones, and the many forms of online and in-app interfaces today’s businesses now thrive on. Protecting all of these touchpoints is a significant undertaking – but a crucial one.
PCI compliance is challenging but vital for merchants
For merchants without deep payments expertise, compliance can require a considerable, ongoing time investment. This is because the process must be complex and technical in order to cover all the vulnerable surface areas and touchpoints in the payments journey. However, working with a payments partner who can monitor, advise on and implement any changes to payments strategies to optimise payments while adhering to compliance requirements is invaluable.
This is where leveraging the right technology can help. For instance, with Checkout.com’s Flow product, merchants can present the right payment methods at checkout based on a shopper’s location, currency, and device. But it also comes with the added benefit of automatically staying up-to-date with the latest PCI compliance, GDPR rules, and scheme requirements. By integrating once with Flow, merchants can accelerate time-to-market, stay compliant, and boost conversion without additional complexity.
Recent, high-profile ransomware attacks demonstrate just how important ongoing compliance measures are, both for customer protection and for protecting retailers from legal liability, fines and large-scale reputational damage.
Staying safe in a threat-ridden environment
Fortunately, when it comes to the protection of card data, the card schemes and the PCI council are vigilant and committed to ever-better standards. By maintaining PCI DSS compliance, retailers can prevent customer card details from being accessed and used fraudulently by hackers, even when significant proportions of their internal systems are compromised.
This is exactly why Checkout.com sits on the PCI Security Standards Council and is such a strong champion of the standard. We’re proud that our Director of Information Security, Jo Vane, was recently appointed to the PCI Security Standards Council’s Board of Advisors. Although most shoppers won’t be aware of these standards, they are a crucial last line of defense and play a key role in maintaining consumer trust in the digital economy.