The recent spate of high-profile data breaches is having a surprisingly significant knock-on effect on the behavior of online shoppers, with 56% of those surveyed by USA Today saying they were now only shopping online with ‘large, well-known companies they were confident were safe’ and 24% admitting they’d stopped shopping online altogether out of fear.
It was, of course, a series of data breaches at large, well-known companies such as eBay and Target that frightened them in the first place, so shopping only with large, well-known companies is going to afford them no protection whatsoever. Leaving that aside, it’s interesting to see how rapidly shoppers’ habits have changed – interesting and, for smaller organizations, worrying.
Someone else has been breached and that’s driving customers away from you? How’s that fair?
With card fraud on the rise and shoppers increasingly exercising extreme caution, how are you going to win and retain custom and prove that you’re the safe choice? E-commerce providers of all sizes need to address their data security posture as a matter of urgency: a secure e-commerce site will provide a significant competitive advantage. IT Governance recommends the adoption of the Payment Card Industry Data Security Standard (PCI DSS).
The PCI DSS requires merchants and member service providers who store, process or transmit cardholder data to:
- Build and maintain a secure IT network.
- Protect cardholder data.
- Maintain a vulnerability management program.
- Implement strong access control measures.
- Regularly monitor and test networks.
- Maintain an information security policy.
Compliance with the Standard helps businesses protect their customers’ data, and proves that international best practices are being followed.
Various states (including Washington State, Minnesota, Nevada and Massachusetts) have laws under which businesses are not liable for unauthorized access to credit card information they’ve stored, so long as they were PCI compliant.