Who in small business actually understands PCI compliance? Not many, according to this survey!

Does your business have a website where people can purchase your products? Do you accept credit card payments? Do you know what level of security has to be implemented to protect your clients' information?

According to a recent survey, most small and medium businesses and not-for-profit organisations do not understand their responsibilities under the Payment Card Industry Data Security Standard (PCI-DSS). This is not a government-based compliance regulation; it is a standard put in place so that anyone, anywhere in the world, who accepts a credit card payment adheres to a common cyber security baseline.

The reason that most SMEs have problems with PCI-DSS is the cost. The cost of putting the correct systems in place, the cost of getting the right people, the cost of creating the right procedures and policies and the cost of certification all have to be balanced against the overall benefit of giving your customers access to your products online.

When SMEs look at accepting credit card payments over the Internet, there are a number of processes that have to be implemented. At a minimum you need the following: an SSL certificate for the website, so that all traffic to and from the site is encrypted; a payment gateway, usually provided by a bank, that allows funds to pass from the customer's credit card account to your business account; and some form of shopping cart for the website.

All of these components can be costly, and the gateway has both an initial cost and an ongoing cost. All of them have to be factored into the cost of selling online.

Selling through your website is NOT just a matter of adding a shopping cart to the site and attracting customers. It is a process with no short cuts and no cheap alternatives. The only alternative is to use PayPal as your payment supplier, and this still has a number of drawbacks: it still costs to set up and run, and your purchasers have to have a PayPal account.

One of the benefits of the Internet is the ease with which you can set up a website and start to sell. One of the problems with the Internet is the same thing: anyone can set up a website and sell.

My advice to any business that is contemplating a shopping cart environment is to talk to someone who actually knows the business and compliance requirements before you take the big step and quickly find yourself over your head.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.