Small business owners are 100 percent responsible for their customers’ personal information and credit card data. One of the biggest myths is that security is tied solely to credit card information. The Payment Card Industry (PCI) Security Council will be the first to point out that it is as much about the personal information of your customers as it is about their credit cards. At the end of the day, banks can be a safety net if someone were to get your customers’ credit card information. Unfortunately, there isn’t a safety net if personal information is stolen from an online business.
PCI compliance is still a misunderstood concept. While there is plenty of material available on the topic, a small group of people have most of the information. History shows us that when this type of situation occurs in the marketplace, a lot of people end up buying services that don’t help at all. If your credit card company, ecommerce provider, hosting company, bank or other provider offers you a new service to assist in maintaining PCI compliance, simply ask the following question. “By purchasing this service, are you guaranteeing that you will pay for any fines or loss of business I might suffer if my online store becomes compromised?”
More often than not, the answer will be no. So why would you pay money for something that won’t help you with the problem? The answer is lack of knowledge. Most small business owners don’t have enough time to run their stores, much less to keep up with the security requirements for maintaining an online business. As a result, when a service provider approaches an online businessperson about a new service to secure its customers, it scares many business owners into purchasing it.
The bottom line
Online retailers must find the time and take responsibility for protecting their customers. For ecommerce, be sure you are using a PA-DSS (Payment Application Data Security Standard) certified application or a business that is PCI DSS certified. That is the first step. After picking the right ecommerce provider, you must take control of the rest of your customers’ security. This can be achieved by going through the PCI DSS process to get your business certified.
Pinnacle Cart, for example, carries the PA-DSS certification and works with hosting companies that are PCI DSS compliant. Still, it does not have control over its own destiny. If the hosting company it uses decided to stop offering PCI DSS hosting, Pinnacle Cart would be forced to spend a lot of money moving customers to another data center. To gain control of its security, the company is working on becoming PCI DSS compliant.
The process isn’t easy and it costs money, but the return on investment will come to any business that commits to the process. You can show your compliance on your website like a badge of honor, and you will likely see an increase in website conversions.
Mike Auger is president and CEO of Pinnacle Cart, a hosted shopping cart and ecommerce software application that allows you to create, manage and effectively market your business. www.pinnaclecart.com.