by Trisha Echols
Ecommerce is a profitable business. It facilitates the ease and convenience of shopping. And it benefits both merchants and customers. Merchants’ online stores earn money even while they sleep. Customers, on the other hand, can now shop leisurely in the comforts of their home. No wonder that ecommerce is fast gaining popularity!
However, there are securities issues that need to be addressed with online transactions. Sensitive customers information passes through the Internet on every online transactions and it needs to be secured from any prying individuals who might jeopardize the process. This vulnerability prompted the major credit card-issuing companies—among them MasterCard, Visa, Discover, American Express, and many others– to meet together and reached a consensus on online card transactions security issues. They come up with what is now known as Payment Card Industry Data Security Standard or PCIDSS. This is a set of security requirements or demands directed to merchants in order to protect their customers.
Here’s the summary of PCIDSS:
-
INSTALL FIREWALL
Merchants MUST establish a firewall on computers to protect credit card information. This means that they should not attempt to process any card transactions unless their servers have installed a dependable firewall program. Failure to do so can lead to security risks.
-
COME UP WITH A STRONG SYSTEM PASSWORD
When merchants install operating programs on their computers, software vendors usually supply default passwords in them. Some computer owners no longer take the time to change this password. In ecommerce, such action could pose as security risk. Therefore, the card industry strongly suggests that merchants should not use the default but instead change it immediately with a strong password.
-
USE ENCRYPTION
If the merchant has linked computers, PCIDSS demands that strong encryption system be used when sending card information data across network. This is one way of protecting customers’ data from falling into the wrong hands.
-
GUARD AGAINST SOFTWARE VIRUS ATTACKS
Merchants should always install and maintain a good anti-virus attack on their computers. In addition, they should always download the latest updates to their chose antivirus programs. Regular virus scanning schedule of computers should strictly be implemented.
-
LIMIT EMPLOYEES ‘ ACCESS TO COMPUTERS
A merchant’s computers contain sensitive customer’s credit card information. Hence, it should be restricted to a few selected employees. By assigning unique computer access ID to your employees, you will be able to track and maintain security access control.
-
MONITOR AND TEST COMPUTER’S VULNERABILITIES
From time to time, test the computers for any vulnerability. Perform virus scanning, encryption test, and spyware check, and other pc security tests on a regular basis.
-
DRAW UP AND IMPLEMENT INFORMATION SECURITY
Basically, card-issuing companies encourages merchants to implement security protocol to secure their computer data. This includes investing in uninterrupted power supply equipments, storing their pc in a secure place.
The card-issuing companies like Visa, MasterCard, American Express, and many others want merchants and customers alike to utilize the full benefits of ecommerce. This can be achieved when merchants fully comply with the Payment Card Industry Data Security Standards protocol or PCIDSS.
(Trisha Echols currently is a long-time financial consultant with established consultancy offices in Amsterdam, Halifax, Malaysia and other key cities. Her clients belong to the top 500 companies in England and in the United States. Miss Echols serves as business consultant for several credit card processing companies, including www.creditcardprocessingexperts.com. She does lectures on strategic business practices and also writes for various magazines on business matters.)
