Merchants are Slacking on Security

October 7, 2011

According to a study by Verizon, 79% of organizations were not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS) in their initial audit in 2010. That’s about the same level as the previous year, the first year the study was done. This is distressing news since PCI Compliance is extremely important for merchants and non-compliance carries heavy penalties.

Host Merchant Services offers its customers and potential customers a PCI Compliance Initiative, which includes a free scan, analysis and report.

HMS works with its customers to ensure they are PCI Compliant, offering resources, information and assistance every step of the way.

 

Secure transactions are important for merchants and a key element of the customer service HMS provides. Which is what makes the following statistics from the Verizon study somewhat disconcerting, considering how easy PCI Compliance is to maintain through Host Merchant Services:

This article by Information Week delves into the statistics from the Verizon report, and offers five reasons why merchants are letting their PCI Compliance slip each year.

1. Businesses See PCI As A Burden. PCI isn’t exactly a new standard, or complying with it a new requirement. Why aren’t more businesses taking it to heart? “Well, it’s hard to say, but one common reason is that they have not internalized the fact that PCI DSS is to help them (as well as card brands and banks) with security. It is not to punish them for failing an audit. PCI is seen by many as an ‘externality,’ not something they ‘adopted for themselves,'” said Gartner analyst Anton Chuvakin in an interview.”

Host Merchant Services understands that PCI Compliance, especially being an annual requirement, can be an added burden on its customers. That’s why HMS created its PCI Compliance Initiative. The company seeks to shoulder that burden for its customers, making PCI Compliance as hassle-free as possible.

2. Merchants Don’t Maintain Continuous Compliance. Many businesses don’t pursue PCI as a way to improve security, but rather treat it as a compliance obligation. “PCI is still often seen as a ‘one time per year’ thing, and such an attitude is pretty harmful–but mostly to the merchants themselves, by the way. Organizations keep ‘doing it over,’ not maintaining it,” said Chuvakin.”

Host Merchant Services, due to CEO Lou Honick‘s prior experience with the web  hosting industry, has a keen insight into how essential the security that PCI Compliance is attempting to standardize can be for its merchants. Which is another key reason why HMS is so involved in seeing that its merchants maintain their PCI Compliance.

3. Poor Awareness Means Lackluster Effort. Compliance officers–or perhaps senior managers–are failing to educate themselves about PCI, and according to Verizon’s research, the greater awareness of PCI found in a business, the greater the actual compliance. “The more aware your organization is of the standard, the more prepared you are for the type of approach you take,” said Verizon’s Mack.”

Host Merchant Services also understands the trouble it can be keeping informed on PCI details and information. Which is why the company’s PCI Compliance Initiative includes easily available online resources to answer as many questions about PCI as possible, an online guide for the most common merchant classification to become PCI Compliant, as well as offering all of this information directly to the merchants face-to-face or on the phone. The goals of the program are to keep the merchant informed, make PCI Compliance easy to understand and easier to maintain.

4. Compliance Checklists Trump Security Posture. To help businesses better comply with PCI, the council in 2009 released the PCI DSS Prioritized Approach to help businesses know which aspects of PCI to address first to most mitigate the risks to cardholder data. But Verizon saw a 10% drop in use of the prioritized approach, and little use of it overall. “

This issue is handled by HMS’ PCI Initiative as well. The company is there working directly with merchants step-by-step on PCI Compliance. So the checklists are handled, but there is also the HMS agent’s expertise on hand with each item on the checklist. So the merchant’s overall security posture is still taken into account. PCI Compliance is an important part of a merchant’s security and Host Merchant Services keeps that in mind through each part of the compliance process.

5. Businesses Not Prepping For PCI 2.0? Businesses that skimp on continuous compliance may soon find themselves called to account as they move to PCI DSS 2.0, with which businesses could have begun demonstrating compliance as of October 2010.”

Host Merchant Services stays up to date on PCI Compliance standards and takes all of the burden onto the company’s shoulders. HMS keeps its merchants well informed about changes, but also does all of the hard work to explain the details and make sure its customers are continuously compliant.

If you take some time to review the PCI Compliance information we have on our site you’ll see that the process is straightforward and it is easy for us to maintain compliance for our customers. This is a path we walk down with our customers. Security is essential in payment processing. And we are here to ensure our merchants are secure and do not backslide into a position where they could get heavy penalties for non-compliance.

The statistics from the Verizon study are somewhat dismaying to read. But our analysis of them seems to indicate that it’s simply an example of where HMS’ focus on customer service steps things up. PCI Compliance can be easy to slack on when the onus is completely on the merchant’s shoulders. And a lot of Merchant Services Providers haven’t taken HMS’ unique approach so the burden remains on the merchant. At Host Merchant Services we take the burden, and help keep you informed, up to date and secure. PCI Compliance is too important to let slide.

Save Time, Money, & Resources

Categories

HMS News

Contact HMS

Ready for the ultimate credit card processing experience? Ask us your questions here.