Is your organization accepting credit card transactions online? Are those transactions secure according to the Payment Card Industry’s (PCI) Data Security Standards? 66% of consumers warn they won’t purchase from an organization after they’ve had a breach of payment card information.
The PCI’s Security Standards Council released a guidance document to help educate merchants on securely accepting payment cards online. The updated guidance, Best Practices for Securing E-commerce, comes at a time when online payments are a top target for cyber criminals.
E-commerce is a growing security concern for merchants. Online sales are growing rapidly, and the EMV chip migration in the U.S. is leading to fewer in-person card transactions. Cyber criminals recognize these trends and have turned their attention to e-commerce to commit payment card fraud.
Best Practices for Securing E-commerce
A large portion of the guidance is dedicated to the topic of SSL and TLS. There’s still confusion about these encryption solutions and about how to properly select a certificate authority.
The PCI Council announced in December 2015 that all merchants accepting payment cards are required to adopt TLS 1.1 encryption or higher by June 2018. Google added to the urgency by warning users of its Chrome browser when they visit a website without HTTPS.
Key encryption topics discussed in the guidance include:
- Guidance on selecting a certificate authority
- Descriptions of different certificate types
- Questions to ask service providers regarding certificates and encryption
The PCI Council is taking a proactive approach to the encryption issue with SSL and TLS. The implementation deadline is still a year away, but merchants that aren’t compliant can use this guidance to help securely accept online payments.