June 20 2007

PCI audit for best practice customer service

Digital security specialist Evolution Security Systems has warned retailers that carrying out a full Payment Card Industry (PCI) audit should form part of their Best Practice customer service strategy or risk losing customer confidence in making card payments.

The PCI Security Standards Council has set a deadline of 30 June for retailers to be compliant with its new PCI Data Security Standard (PCI DSS), designed to improve security of customer data relating to card payments made to on and offline retailers, which applies to any organisation that stores, processes or transmits cardholder data, including banks and service providers.

Ritchie Jeune, CEO at Evolution Security Systems said: "With PCI DSS on the horizon and recent reports of high-profile security breaches at major high street stores, restoring customer confidence should be of paramount importance to UK retailers, who should look at data security as forming part of their Best Practice customer services strategy. Failing to carry out a full PCI audit now, which demonstrates that the security of customer card information is being taken seriously, consumer confidence will erode and could lead to fines or even loss of 'privileges' for retailers.

"If consumers feel secure about how their data is being used and who can access their information, there is likely to be a positive reaction, so the first step is to perform a risk analysis exercise to ensure any initial penalties are avoided, before moving on to full compliance. Those retailers that show a willingness to provide improved security of customer information are also likely to be in a better position to take advantage of the commercial opportunities when the new PCI DSS rules take effect."

Emma Herrod