ThreatMetrix’s newly released Cybercrime Report: Q2 2015 analyses cyber crime data gathered from April to June 2015. During this period, 36 million fraud attacks against e-commerce companies were detected – an increase of 20% over the previous quarter.
Vanita Pandey, ThreatMetrix’s senior director, strategy and product marketing, commented: “As retailers focus on customer engagement, it is critical to balance the customer experience and online security to ensure their digital debris is not scattered across cyberspace.”
Mobile usage in particular is increasing in volume – accounting for up to 31% of transactions in this period. And where there is an increase in mobile commerce, there is an increase in cyber risk.
“Mobile transactions provide additional opportunities for fraudsters to conduct spoofing attacks or identity theft by increasingly impersonating other devices to facilitate attacks,” said Pandey. “With consumers constantly on-the-go, they are more likely to conduct mobile transactions, which have the potential to compromise their digital identities.”
PCI DSS compliance for e-tailers
With the continued growth of online and mobile commerce, merchants need to be aware of their obligations under the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS was set up by the payment brands American Express, Visa, MasterCard, Discover and JCB to reduce payment card fraud; it sets out security requirements for storing, processing and transmitting cardholder data.
As the Payment Card Industry Security Standards Council (PCI SSC) explains: “Small merchants are prime targets for data thieves. It’s your job to protect cardholder data at the point-of-sale.”
This means that even if e-commerce merchants outsource their payment processes to a third party, they are still responsible for the cardholder data they process. If your organisation has any form of e-commerce presence, you need to be aware of the PCI DSS’s requirements.
Learn more about the PCI DSS
For more information on the PCI DSS, download our free green paper PCI DSS v3.0 & 3.1: What has changed?, visit our PCI DSS webpages, or call us on +44 (0)845 070 1750 or email email@example.com to discuss your PCI DSS needs.
IT Governance is a PCI QSA (Qualified Security Assessor), and provides a range of solutions to help merchants comply with their security obligations. Whether you need guide books or consultancy, training or toolkits, IT Governance has all you need to ensure your PCI DSS compliance.