Online shopping and PCI Compliance
Last week saw the largest online shopping week of the year. Estimates put online spending on Christmas gifts during December 2010 at up to £6.4 billion, up from £5.5 billion in December 2009. Online spending has grown year on year, and it would take a brave person to say that it’s going to stop. Growth will continue as consumers enjoy the ability to shop from the comfort of their living rooms. Next year it will be even easier, with new channels to market such as Internet TV allowing viewers to buy what their favourite soap stars are wearing.
As Internet shopping in general increases, so will online fraud. How can consumers be protected from credit card theft and identity fraud? This is where PCI compliance plays its part. PCI compliance isn’t just about the credit card companies trying to get someone else to pay for the fraud; it is a genuine attempt to secure cardholder data. And it is working.
All the security measures that have to be put in place will prevent the vast majority of large thefts like the TK Maxx example. However, how can this be communicated to the end user? What confidence can they gain from companies having PCI compliance?
I would like to see some form of recognition for the online shops that have invested in PCI compliance. Something like a logo and then, when the user enters the secure site, an SSL certificate which has been issued by the PCI governing body. That way users know that the website has been through a thorough audit process and has attained PCI compliance.