When you handle sensitive customer data like credit card information, your customers trust that you’re taking every precaution to ensure the safety of their valuable data.
Luckily for merchants who process their own payments, the Payment Card Industry (PCI) compliance standards have been established to help guide businesses to better data protection practices.
It may seem like a small thing — after all, who is going to try to intercept your customer’s credit card information? It’s not like you’re a massive business with thousands of transactions every day. Although we hear about data breaches of big corporations on the news, that doesn’t mean the little companies aren’t targeted, too — they’re just not big news because millions of records aren’t at risk.
What PCI Compliance Means for Customers
Customers shopping online look to you to protect them against fraud and identity theft, whether you’re Target or Mom and Pop’s Internet Shop.
They’ve come to believe that online transactions are secure, which makes your store’s very existence possible. You need to make every effort to help your customers stay secure and feel secure, and making sure you’re PCI-compliant is a big part of that.
Although each credit card company has established its own standards, they’re all fairly similar. If you’re taking payments through your eCommerce order management system, you can get into compliance and stay that way by paying close attention to these six items:
Company-Wide Data Security Policy. Just like you have a uniform plan for order fulfillment, you need a plan for data security. Make sure all your employees understand their responsibilities to customer data and the penalties for violating them.
Network Security. Any computer that stores any customer data must be on a secure network and behind a firewall at all times. Don’t get sloppy and take your unsecured laptop to Starbucks to get a little work done, because you may be putting your customers at risk.
Cardholder Data Protection. One of the most vital parts of eCommerce order management is protecting cardholder data every step of the way. That means not only storing customer data in a location where the bulk of your employees can’t access it, but ensuring that if an unauthorized person did gain entry, they’d be unable to easily utilize the data. Encryption and secured storage can go a long way toward keeping your customers safe.
Data Access Restriction. There are going to be a few employees who need access to customer data for various reasons. Even if you trust those individuals, you still need to track who accesses the database, so assign unique identifiers to each user and ensure that everyone understands the penalty for allowing someone else to use their login.
Data Vulnerability. Your data is always at risk, that’s a reality of being an online business. To defend against those who would crack your security, you need to regularly update your anti-virus software, any data security programs and your software firewall. Having the newest updates makes it harder to smash through your security to get to the data behind it.
Security Testing. It should go without saying that you need to test your security to make sure it’s as secure as you believe it to be. There are plenty of security testing companies that can help you with this requirement, they’ll even let you in on any vulnerabilities they find.
PCI Compliance may sound like an effort to get more business for the credit card companies, but it’s a big deal to your customers. They trust that you’ll protect them, just like they trust that you’ll treat them right if something goes wrong with their orders. Keep people coming back to your online store by providing them with the best security possible by remaining PCI-compliant.