Online retailers could be vulnerable to credit card fines
Tuesday, June 24, 2008
Small retailers moving into online selling could be at a greater risk of failing to comply with industry standards on credit card security, a key retail industry group says.
All retailers are required to comply with the Payment Card Industry Data Security Standard, or PCI DSS, when they acquire a merchant payment facility from a credit card provider.
The PCI DSS rules allow credit card providers such as Visa and Mastercard to apply penalties to non-compliant retailers – and it now appears they have done precisely that.
IBM Internet Security Systems PCI service delivery manager Howard Glavin has told The Australian newspaper that retailers have been hit with fines ranging from $5000 to $75,000.
But Russell Zimmerman, the chair of retailer group Australian Merchant Payments Forum, says while there have been some big breaches overseas, he has yet to hear of any in Australia.
“I’m a bit surprised by the reports – the credit card companies have been out educating and informing retailers on their obligations for some time, but I haven’t heard of any retailers being fined and I don’t think it is a big issue in Australia,” he says.
Zimmerman says the obligations retailers face under the PCI DSS depend on their size and the nature of the transactions they conduct, with larger retailers that conduct online or remote credit card transactions likely to face the most onerous obligations.
“Small retailers are probably less informed, but there is plenty of information available to them and the compliance requirements are nowhere near as stringent for those small guys because they generally aren’t storing credit card information,” he says.
But, Zimmerman says, when retailers move online they may acquire a whole new suite of obligations if they start building up computer records of customer credit card information.
“Online retailers have a whole lot more compliance issues, especially if information is going direct to their computers, and particularly some of these smaller businesses should realise they need to be a lot more careful if they do go online,” he says.