Small retailers moving into online selling could be at a greater risk of failing to comply with industry standards on credit card security, a key retail industry group says.
All retailers are required to comply with the payment card industry data security standard, or PCI DSS, when they acquire a merchant payment facility from a credit card provider.
The PCI DSS rules allow credit card providers such as Visa and Mastercard to apply penalties to non-compliant retailers – and it now appears they have done precisely that.
IBM Internet Security Systems PCI service delivery manager Howard Glavin has told The Australian newspaper that retailers have been hit with fines ranging from $5000 to $75,000.
But Russell Zimmerman, the chair of retailer group Australian Merchant Payments Forum, says while there have been some big breaches overseas, he has yet to hear of any in Australia.
“I’m a bit surprised by the reports – the credit card companies have been out educating and informing retailers on their obligations for some time, but I haven’t heard of any retailers being fined and I don’t think it is a big issue in Australia,” he says.
Zimmerman says the obligations retailers face under the PCI DSS depend on their size and the nature of the transactions they conduct, with larger retailers that conduct online or remote credit card transactions likely to face the most onerous obligations.
“Small retailers are probably less informed, but there is plenty of information available to them and the compliance requirements are nowhere near as stringent for those small guys because they generally aren’t storing credit card information,” he says.
But, Zimmerman says, when retailers move online they may acquire a whole new suite of obligations if they start building up computer records of customer credit card information.
“Online retailers have a whole lot more compliance issues, especially if information is going direct to their computers, and particularly some of these smaller businesses should realise they need to be a lot more careful if they do go online,” he says.
Read more on online payment issues