How PCI Compliance Helps Protect Your Business from Breaches
Sam Farraj is AVP-Content Delivery & Security Platform, AT&T Global Business Services. You can find more blog content from Sam and other experts on the AT&T Networking Exchange Blog, where this article originally appeared. AT&T has sponsored the following blog post.
Next time you are enjoying the ease of shopping online, remember this: studies estimate that online retailers lost $3.5 billion to fraud in 2012. On top of that, add the cost of inconvenience to legitimate consumers who either had to notify their credit card companies or who may not even have spotted the fraudulent charges when they paid their bills. Blogs and social media are cluttered with stories of people whose credit cards were used to make fraudulent purchases, leaving the victims to clean up their accounts.
How do online retailers work to prevent this fraud? One way is to rely on technical partners who have achieved compliance with the Payment Card Industry Data Security Standard, or PCI DSS.
PCI compliance ensures that credit card information is not stored on servers and storage devices that might be breached. It requires regular audits of data center practices, operations, customer service processes, and data retention rules. PCI DSS is the product of a consortium of the five major credit card companies (American Express, Discover, JCB, MasterCard, and Visa), so retailers can be confident that the standard meets the requirements of their most important credit partners.
An ecommerce site can have many suppliers, each providing a component of the full catalog and shopping cart process, so retailers should look for each supplier’s compliance validation on the credit card company websites, or request validation from the card companies directly. Verifying compliance with the PCI standard makes things easier for retailers: once assured that their technology partners follow the PCI rules to protect cardholder information appropriately, they can focus on the features and functionality of their online storefronts. One standard applies across many vendors and partners, and each of them operates from shared, documented practices and processes, including the auditing steps, which are usually completed by independent third parties.
CDNs can strengthen PCI compliance
Content Delivery Networks (CDNs) offer retailers a number of important and valuable services, from content caching and application acceleration to faster page loads through front-end optimization and protection of critical websites from Denial of Service attacks and other security threats. When selecting a CDN, retailers should also check that the CDN itself is PCI compliant. The CDN is a crucial part of a retailer’s strategic infrastructure, and, in addition to demanding advanced services to perform and protect, retailers should expect their choice of CDN to strengthen their overall PCI compliance, not to leave cardholder data exposed to risk while it passes through the CDN, even briefly.
Some CDN providers have gone through the audit and verification process to be confirmed as PCI compliant, while others have elected not to complete that process. Online retailers want every legitimate purchaser’s buying experience to be outstanding, so that happy customers come back and buy from the site again and again. PCI-compliant technical providers can help ensure that positive experience, so retailers should be selective. When choosing a CDN, retailers should expect to work with partners who make their jobs easier and their customers happier.