Compliance Standard Fines for Small Firms' Breaches

PureNet advises e-commerce businesses that are involved in storing, processing, or transmitting cardholder data to adhere to the Payment Card Industry Data Security Standard or face fines.

PureNet, the York-based e-commerce solutions provider, issued a stark warning to online retailers who may be disregarding the Payment Card Industry Data Security Standard (PCI DSS): 'follow the standard or pay later'.

The standard was created by the five major credit card companies to help organisations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise.

The card payment industry is facing the increasing threat of data theft. To date, criminals have stolen millions of customer card records. Since 2005, more than 80% of the credit card breaches have occurred at small businesses.

Fines for non-compliance with PCI DSS are already being handed out to retailers, and in some cases they have been severe. A recent example was a restaurant in California that unknowingly stored over 11,000 credit card records in its point of sale system. Under the regulations, 'track' data from the credit cards' magnetic strips cannot be stored. When that data was breached, Visa and MasterCard fined Abanco, the restaurant's merchant account provider, $27,000. Abanco in turn passed that fine on to the restaurant.

In 2008, Visa reported that merchants could have avoided most security breaches if they had implemented simple measures, such as removing sensitive authentication data, limiting data retention, and protecting internal and wireless networks through consistent company-wide monitoring and access control.

Managing director of PureNet, Dr. Paul Gibson, said: "PCI DSS applies to all firms if they're involved in storing, processing or transmitting any cardholder data.

"What's more, the standard doesn't just apply to storing data electronically. It also covers manual processing and storage, so it's important organisations know how the standard applies to them before embarking on any retailing venture.

"The adoption of the standard will reduce the risk of suffering a data compromise, and its financial consequences."

PureNet is a leading e-commerce specialist that can help guide clients through the PCI 'maze'. The company has a wealth of experience in the development of e-commerce websites, and its e-commerce platform, WebPOS, has been used successfully across a number of diverse retail fields, from clothing retailers to football clubs and even an agricultural tagging merchant.