The Infosys global supply chain management blog enables leaner supply chains through process and IT related interventions. Discuss the latest trends and solutions across the supply chain management landscape.


PCI Compliance - An Expenditure or Investment?

The retail industry is highly competitive, and with the advent of multi-channel commerce the competition is stronger than ever. Multi-channel order fulfilment gives retailers a platform to stay competitive, but keeping fraudulent transactions under control has become one of their biggest challenges in recent years. Retailers face increasing pressure to protect customer data and build customer loyalty: customers want to be confident that their card data is safe and that the business's computer systems are reliable. Recent data security breaches have compromised tens of millions of customers' financial records. In response, the major card brands standardized on the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements to protect cardholder data, control access to it, and defend against cyber-attacks. Every merchant that stores, processes or transmits cardholder data must adhere to it. PCI DSS is thus a collection of rules that mandate IT security processes and aims to reduce financial fraud by raising the network and system security of every organization that handles payment card data.

For a retailer this means yet another IT implementation. While retailers are trying to increase sales, lower prices and optimize the supply chain, meeting PCI standards is likely to push costs upward. On top of this, many retailers are unsure of the best way to secure their customers' card data against attackers. Together these factors pose the following challenges for retailers seeking PCI compliance.
Understanding PCI Requirements - Companies must first understand the requirements of PCI DSS (twelve requirements grouped under six control objectives) to ensure proper implementation, an effort that can be daunting for those with little experience in putting security best practices into operation. Retailers also sometimes assume that PCI compliance is a one-time project rather than a continuous process of security best practices; in fact compliance must be validated every year, and merchants with externally reachable systems must pass external vulnerability scans every quarter.

Upgrading Wireless Infrastructure - The widespread use of wireless networks has created new business opportunities for retailers. It is used extensively to improve the customer experience and enhance productivity. However, many retailers have old wireless infrastructure whose security mechanisms are insufficient to protect cardholder data as the PCI DSS requires. Some retailers' wireless networks are still protected by WEP (Wired Equivalent Privacy), which is cryptographically broken (its RC4 key can be recovered from captured traffic in minutes) and which PCI DSS has prohibited, for new wireless deployments since March 2009 and for all deployments since June 2010. Any wireless network that connects to the cardholder data environment must use strong encryption such as WPA2.

Technology Related Challenges - Retailers may face challenges such as tracking and monitoring all access to the network and to systems containing cardholder data (Requirement 10); protecting stored cardholder data and encrypting it in transit over open networks (Requirements 3 and 4); restricting logical access to systems with cardholder data to those with a business need to know (Requirement 7); and assigning a unique ID to, and authenticating, every user who accesses those systems (Requirement 8). Another challenge is deploying security best practices and technologies consistently across hundreds of stores. As is typical for retail, remote stores often lack resources and employees with the technical skills to install and manage security solutions.
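A concrete instance of the "protecting cardholder data" and "monitoring" challenges is finding where full card numbers (PANs) have leaked into places they should never be stored, such as application and POS logs; Requirement 3 limits what may be stored at all, and Requirement 3.3 limits what may be displayed to the first six and last four digits. The scanner below is an added example written for this page, not code from the original post or from Infosys. It runs over a constructed log excerpt (the sample lines and the test card numbers are made up for the example), uses the Luhn checksum to separate real card numbers from other long digit strings such as order IDs, and reports only a masked form so the scanner's own output does not become another copy of cardholder data.

```python
import re
from dataclasses import dataclass

# Candidate PAN: 13 to 19 digits, optionally separated by spaces or dashes,
# not preceded or followed by another digit (so a longer run is not split).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log excerpt for the example. Line 1 carries a 13-digit
# order number that is NOT a valid card number; lines 2 and 4 carry well-known
# test PANs; line 3 carries a PAN with a corrupted check digit.
SAMPLE_LOG = [
    "2008-09-15 12:30:45 INFO order=1234567890123 status=captured",
    "2008-09-15 12:31:02 DEBUG auth request pan=4111111111111111 exp=12/10",
    "2008-09-15 12:31:03 DEBUG retry pan=4111 1111 1111 1112",
    "2008-09-15 12:32:10 INFO amex pan=378282246310005 approved",
]


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum
    that every payment card number carries."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask a PAN to the first six and last four digits, the maximum
    PCI DSS Requirement 3.3 allows to be displayed."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    line_no: int   # 1-based line number in the scanned input
    masked: str    # masked PAN; the full PAN is never retained


def scan_for_pans(lines):
    """Scan log lines for Luhn-valid card numbers and return masked findings."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for match in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_valid(digits):
                findings.append(Finding(line_no, mask_pan(digits)))
    return findings


if __name__ == "__main__":
    for f in scan_for_pans(SAMPLE_LOG):
        print(f"line {f.line_no}: cardholder data found, PAN {f.masked}")
```

Run against the sample, the scanner reports lines 2 and 4 and ignores the order number and the corrupted retry, which is the point of the Luhn filter: a naive "any 16 digits" rule floods a retailer's log review with false positives, while a scanner that emits the full PAN into a ticket or report creates a new Requirement 3 problem of its own.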

All of the above challenges make retailers nervous about PCI implementation. However, they also realize that PCI is here to stay. It serves the very important purpose of protecting customers' sensitive card data, and it offers the following key benefits:

Protecting Brand Image - A data security breach not only exposes retailers to heavy fines (levied by the card brands and passed on through the merchant's acquiring bank); it also damages the brand to a great extent. In some cases the card brands may stop transacting with the retailer altogether, which damages the brand's reputation further. Investing in IT security is therefore far preferable to incurring the unexpected costs of repeat audits, fines, lawsuits and brand damage. PCI compliance also reassures customers that their card data is protected, thereby increasing their loyalty.

Overall Cost Reduction - It may be argued that the costs of PCI audits and compliance could end up being astronomical. However, the financial risk to the business and the fines for failing to meet PCI compliance may be much higher. Tighter security also results in fewer fraudulent transactions, which reduces cost in two ways. Directly, it cuts the money retailers lose to fraudulent transactions and the resulting chargebacks. Indirectly, lower fraud reduces the card brands' risk, which in turn can lower the transaction cost per card use.

The most important benefit of PCI is the assurance that your IT infrastructure is protected against attackers, with the caveat that compliance raises the security baseline rather than guaranteeing that a breach cannot happen. Note also that PCI compliance is not a one-time project: it is a continuous process of security best practices. Retailers have to look at PCI compliance as an investment in IT security practice. What do you say?
