03/11/2014

By Tim Lansdale, Head of Payment Security, Worldpay


Whatever you’re selling, accepting payments is critical to the success of any business. Unfortunately, things get a little more complicated as soon as debit or credit cards come into the equation, mainly because we often take for granted that sensitive cardholder information is actually safe.

British businesses have paid out more than £878,000 over the last three years due to hackers successfully accessing cardholder data, according to figures from Worldpay. Even more alarmingly, of the companies whose customer card data was hacked in 2013, 61% were small companies. Unfortunately, the smallest businesses – particularly those in the electrical, hardware, and automotive industries – tend to be the worst hit.

With this in mind, Visa and MasterCard insist upon compliance with the Payment Card Industry Data Security Standard (PCI), a set of tools and measurements that help ensure cardholder data is transmitted and stored securely.

Taken at face value, however, “PCI” might appear expensive, time-consuming and onerous in the extreme – yet another example of the red tape that is better left to the high street giants. But let's be clear about this. PCI wasn't actually set up by the card schemes to benefit retailers at all; it serves to protect customers.

We should all start thinking of payment card compliance as the kind of “hygiene rating” that restaurants or takeaway outlets proudly display in their windows. In fact, food hygiene ratings and PCI are built on similar foundations; they aim to make businesses aware of the bare necessities of safe operations. So instead of guidelines on food preparation and storage, think procedures around the handling and storage of card data.

This isn't to say a compliant business will never suffer a data breach, or that a restaurant-goer won’t ever catch food poisoning. But being aware of sound business practices and adhering to these daily will protect the health of the business in the long term – and that has to be a good thing.

The reason this matters is that consumers are getting increasingly savvy when it comes to online shopping. Online payments revolve around trust, and shoppers can be suspicious if a site doesn't look authentic or reputable. What's more, PCI-compliant businesses are less susceptible to fraud. Worldpay has noticed these businesses are less likely to be left out of pocket because their security is tighter and they are more familiar with how the payment system works. Less fraud means less time and money spent on cleaning up after a data breach, letting you focus on what you do best: running your business and maximising profitability.