Yahoo Stores features ‘automatic’ PCI compliance for secure payments, among other options.
(Page 2 of 2)
Online fraud-and fear of fraud-remain important issues for online retailers. As a percentage of U.S. online sales, fraud declined again in 2006 to 1.4%, down from 1.6% in 2005 and 3.6% in 2000, according to an annual survey by CyberSource.
But in dollar terms, fraud losses were expected to reach $3 billion last year, up from $2.8 billion, CyberSource says. And harder to measure are lost sales from consumers not buying online for fear their personal information will be stolen and misused. Forrester Research says 37% of consumers concerned about identity theft have stopped shopping online altogether.
BuySAFE Inc. addresses those concerns by offering consumers a guarantee against merchant fraud. More than 3,000 merchants have been certified and more than 12 million transactions guaranteed, says Jeff Green, buySAFE CEO. The company typically charges consumers 1% to 5% of the transaction amount for the guarantee; or merchants can offer the buySAFE guarantee, paying fees that are typically lower than those charged consumers, Green says.
Data security deadlines
Real fraud, and consumer concerns about fraud, are behind the payment card industry’s adoption of data-security standards known as PCI, which require all parties to a payment transaction-including merchants-to ensure that card numbers and other personal information do not fall into the wrong hands.
With deadlines coming up this fall for merchant compliance with PCI, a growing number of companies are offering merchants technology and consulting services related to the security initiative. Among them is GFI Software, which offers products that monitor computer networks for intrusions, ensure that security patches are installed, and keep track of portable storage devices such as USB tokens, among other services.
Fines for failing to comply with PCI can reach as high as $500,000, says Kevin Hodak, technical support supervisor at GFI. And he notes the consequences of an actual data compromise can be expensive. While smaller merchants can self-certify their compliance with the PCI standards, he says any merchant that suffers a data breach has to comply with the most stringent requirements, usually reserved for the largest merchants. Those rules include on-site security audits by outside firms.
Leave the compliance to us
ACH Direct, a payments processor for 7,000 merchants online and off, has recently introduced a product called WebPay that relieves retailers of compliance worries by transferring all financial data to ACH Direct’s servers. Although consumers are not aware of the shift, they are moved to a page hosted by ACH Direct to enter their payment data, then returned to the merchant site.
That means the responsibility for complying with PCI as well as with the separate standards for automated clearinghouse, or ACH, transactions, moves to ACH Direct, says Jeff Gonzales, director of marketing. But the main selling point, he says, is that it is an easy way for smaller retailers to add payment functionality to their sites.
While working to comply with PCI deadlines, online retailers also will be watching this fall for possible congressional action on a bill that would give certain states the right to require sales tax collection by larger online retailers selling to residents of those states.
The bill introduced this spring by Sen. Michael Enzi (R-WY) would grant the right to collect sales taxes to the 21 states participating in a 2-year-old initiative called the Streamlined Sales Tax project meant to create more standardized sales tax rules among the 50 states. The project provides merchants who voluntarily choose to collect sales taxes with software that handles the collection and remittance procedures.
Enzi failed to make much headway last year with a similar bill, and Congress is not likely to act on it this year either, says Daniel Schibley, state tax analyst with CCH Inc., publisher of tax and legal information. He says Congress wants to see if states can convince more merchants to voluntarily collect taxes before letting states impose tax collection. Two U.S. Supreme Court rulings effectively prevent any state from requiring a retailer not based in that state to collect sales taxes.