Payment Fraud Tops List Of Retailer Concerns: Knowledge Of The Issues Lags Behind

A June 2009 survey by Sage Pay, a secure payment service company, shows that sixty-eight percent of online retailers believe that online payment fraud is a major threat to their online business viability.

Given the fact that most consumers pay for online purchases with a credit card and that identity theft is on the rise, i.e., thirty million Americans (or thirteen percent of U.S. adults) as victims in 2005, it is not so surprising that identity theft is such a major area of concern for online retailers.

The surprising information from the survey is that while seventy-five percent of online retailers plan to invest in their online businesses this year, more than sixty percent have any idea whether or not their operations comply with the minimum credit card protection standards. How do you, as an online retailer, stack up?

If you are among the sixty percent of ecommerce entrepreneurs who are not sure if they are e-compliant with the Payment Card Industry Data Security Standards (PCI DSS), here is a bit of information that may cause you to bring this issue into focus sooner rather than later. Organizations that fail to comply with PCI DSS standards risk not being allowed to handle cardholder data and they can face fines of up to $500,000 if data used by their organization is lost or stolen.

If you are not already wondering why have you not paid more attention to this issue, consider what industry analysts are saying. According to GFI, a leading software developer that provides network security solutions, experts studying financial fraud say hackers increasingly are targeting small, commercial websites.

In some cases, criminals are able to gain real-time access to the websites transaction information, allowing them to steal valid credit card numbers and quickly affect large numbers of fraudulent purchases. Small e-businesses offer fewer total victims, but they often present a softer target, either due to flaws in the software merchants used to process online orders or an over-reliance on outsourced website security.

What can you do? You need to start by understanding your responsibilities under the standards. Although the standards do not have the force of international law, they are required for any online merchant who accepts American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. and that is just about everybody.

If you are a small online business (less than 20,000 transactions annually), you can be compliant by using compliant shopping carts and payment gateway services. If, however, you choose to collect and store credit card data as part of your business, you will need to follow the same rules as larger sellers. Large sellers (more than 20,000 credit card transactions annually) must perform validation measures to demonstrate compliance with the PCI. The measures range from filling out a self-assessment questionnaire to undergoing an onsite audit from a qualified auditor.

Go to PCI Security Standards for specific information on requirements based on your volume of transactions.