digital marketing eCommerce connectivity & hosting content management web 2.0 & social media
payment systems – reaching the standard
Companies trading online are coming under increased regulatory pressure to be PCI DSS To do this, they no longer need to move their customers to our URL to process payments;
Compliant. Sage Pay ’s CTO, Mat Peck explains… instead, we’ve developed new technology that enables merchants to fully customise their
Few businesses are fully aware of the regulatory framework that exists in the e-payment
payment pages, but allows us to collect the cardholder data on their behalf. This means
sector – and, arguably, why should they be? Top of their concern is the need to develop
that merchants need only to achieve the basic level of compliance, which is cost-effective
an attractive website that provides their customers with enough information to convince
for them, safe for their customers and doesn’t infringe on the buying experience, as they
them to purchase their goods and/or services.
don’t even move from their URL.
However, the risks of fraud and data breaches in the field of e-commerce are huge
Keeping data safe
and businesses are being urged to prioritise the way in which they manage and process
According to the PCI Security Standards Council, merchant-based vulnerabilities may
payments. Not doing so risks severe financial penalties, not to mention the reputational
appear almost anywhere in the card-processing system, due to the use of personal
harm that comes alongside high-profile losses.
computers or services or wireless hotspots and, in particular, the unsecured transmission
of cardholder data. Such vulnerabilities may even extend to systems operated by PSPs,
From the beginning while processing and transferring the payment information, which is why it’s so important
PCI DSS (Payment Card Industry Data Security Standard) compliance is the baseline to select a PSP which has Level-1 accreditation.
security standard for the proactive protection of payment account data. The standard
was created to help facilitate the broad adoption of consistent data security measures
The PCI Security Standards Council also sets out requirements for the storage of data on
across the globe and guarantee consumers an appropriate standard of security.
company servers. The storage of cardholder data could make your system vulnerable to
fraud so you will need to manage the risks accordingly. First by identifying where they are
There are varying levels of compliance – from levels 1 to 4, depending on the annual and then working to control them through relevant security procedures, such as regular
number of credit and/or debit card transactions processed. Level 4 relates to merchants anti-virus software programs and limiting the number of employees who have access to
processing less than 20,000 transactions a year, while Level 1 applies to merchants the system. Processes, once put in place, should be regularly tested and
with over six million transactions a year, or merchants whose data has previously been
compromised.
maintained; it’s not enough that you’ve created a stringent control mechanism, you also
have to make sure that you regularly check and update it.
Once merchants have been assigned a level of compliance, they need to fulfil certain
criteria, relating to that level. For Level 4, this involves filling in an annual self-assessment
If you have a strong security policy in place, you can use that to set the tone for your whole
questionnaire, but Level 1 merchants need to conduct annual on-site security and
organisation. Most of the time, going a bit above and beyond the requirement can yield a
quarterly network security scans.
lot more value to the company, particularly as PCI DSS rules will continue to evolve over time.
By 30 September 2009, Visa will require confirmation from acquirers that their level 1 and
Overall, it’s in a merchant’s long-term interest to show that it takes serious responsibility for
2 merchants are not retaining any sensitive card data. It will also require acquirers to
its customers’ data.
provide an Attestation of Compliance for each of their Level 1 merchants demonstrating This is an abridged version of ‘Reaching the standard’, published in Issue 1 of Moving
that each has validated full PCI DSS compliance by 30 September 2010. If they don’t, Money magazine.
severe penalties could be levied until they become compliant.
Visit sagepay at the networking Bar.
Given the nature of expertise that is necessary to become fully Level 1 compliant, many
e-retailers, are choosing to transfer their obligations to Level-1 compliant payment service
Email:
movingmoney@sagepay.com for more information on PCI or to receive the full
providers (PSPs), such as Sage Pay, which is a sensible approach given that we need to
version of this article.
achieve this standard anyway.
retail Online in 2009: Welcome to the Omnichannel
Winds of change are blowing though the channels of commerce – ill winds for the online shopping (79.6%) has barely improved (+0.36%, excluding delivery) during the past
visionless, but trade winds for a new generation of enlightened merchant venturers. two years and is not as good as consumers would like it to be. Second from bottom of the
2009 will be a wild ride for many retailers as they contend with a bleak economy, desperate
list of eight factors comes ‘Service’ (i.e. ‘Response to Queries’), scoring just 74.7%.
competitors and cautious, spoilt-for-choice consumers. It’s not all grim news however; global These results indicate that an e-business that focuses on and provides superior quality
online shopping will remain a €450 billion bright spot with continued double digit growth. service in these areas will have a distinct and long term competitive advantage.
The internet, of course, has far wider implications for retailing than just selling online: it In 2009 and 2010 consumers will be focused on value for money. Competition will be
has emerged as a primary consumer influencer - a channel for discovery, research, increasingly severe. Keeping existing customers whilst attracting new ones will be essential
reference, help, support and voicing complaint. to immediate and future strategic survival. Key to this will be providing a great customer
For many consumers, the internet is now their principal touchpoint for news, information,
experience through attractive offers, convenient delivery, superior customer service, and
communication, acquisition experience sharing and trade – it is in effect their omnichannel.
market beating value for money.
By 2020, the majority of all retail sales will be either on or influenced by the internet.
Mature and proven cross border fulfilment services by companies such as TW4 combine
Existing methods of marketing, sales, support and fulfilment will change due to
e-commerce, marketing, response handling, payment processing, warehousing, logistics,
accelerating consumer demand, ecommerce profitability and market support expertise.
customs clearance that are designed to make cross-border trading a straightforward, well
managed opportunity for any retailer.
2009 will be a pivotal year. Retailers will be taking stock of past performance, their long-
term prospects and strategic investment opportunities to position for the recovery. Most
TW4 fulfilment services provide retailers with expertise and managed network resources
importantly they will seek to establish an e-business mindset at the core of their business.
to create and benefit from a first class fulfillment operation. This allows businesses to
focus on their core activities in the knowledge that product fulfillment is being managed
Retailers who master ecommerce find their commercial horizons constantly expanding. responsively, cost effectively and consistently.
Today millions of consumers are still missing out on online shopping. Clear opportunities exist
to attract them online, build their trust in ecommerce and provide them with clear benefits.
What the last 5 years have proven is that e-commerce is not just a bolt on to existing
retailers. It has changed the way consumers view retailers and how they expect to be
Outside home markets retailers can benefit from currency exchange shifts and treated and supported in a multi channel world.
increasingly sophisticated fulfilment capabilities to service the world’s billion online
shoppers who will spend almost half a trillion Euros online in 2009.
Retailers now have a golden opportunity to examine, update and reposition their
ecommerce and channel capabilities for the boom in online sales that will accompany
To benefit from economic recovery e-retailers must focus on getting the ecommerce the 2010 - 2011 recovery. How they navigate the trials and opportunities of the next
basics right. 12 months will decide whether they shrivel or succeed.
Consumers are aggressively setting the future agenda for retailers. IMRG research with Visit TW4 on stand e3038.
eDigitalResearch and ipoints shows that UK consumers’ rank the most satisfying aspects
of online shopping as: 1) Product Range 84%; 2) Delivery Experience 81.4%; 3) Ease of
arvid Jayal – James roper –
Navigation 79.8%; 4) Finding Help on the Website 77.1; 5) Price Competitivity 76.4%. Apart
Business Development Director, TW4 Chairman,
IMRWorld.org
from delivery experience, where satisfaction has increased by 4.2%, overall satisfaction with
22
www.internetworld.co.uk
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74 |
Page 75