April 6, 2012, 4:10 PM
Blogger

On their own

Kevin Woodward

Senior Editor

No one likes to hear of yet another network breach in which criminals steal sensitive payment card details. Not consumers, not e-retailers, not payment processors, not the banks that issue credit and debit cards. But there was more of that kind of bad news last week when payment processor Global Payments Inc. disclosed parts of its network had been hacked and that criminals made off with sensitive data from as many as 1.5 million payment cards.

While card brands Visa Inc., MasterCard Inc., Discover Financial Services and American Express Co. will deal with Global Payments, and banks will reissue thousands of credit and debit cards, e-retailers will have to contend with the breach fallout on their own. As Gartner Inc. security analyst Avivah Litan said of retailers, “They don’t get any fair warning.”

E-retailers can use the Global Payments breach as an impromptu reminder to reassess their fraud prevention efforts. This can be especially important for smaller e-retailers that may take a more hands-off approach and rely on their payment services providers.

If I ran an e-commerce business, I’d start first with an analysis of the fraud rate. Is it acceptable? If not, what can be done about it? What services can the payment provider supply? What can help the business without creating a headache for my customers or me?

If the fraud rate is fine, I’d still evaluate it to ensure that the resources put into keeping it low are not thwarting legitimate sales that get caught up in the anti-fraud measures.

I’d also ask what measures are in place beyond simply meeting the data security standards set by the Payment Card Industry Security Standards Council, commonly known as PCI. PCI compliance is a good starting point, but it’s designed to protect the integrity of the payment system, not to assure that a retailer is blocking fraud without turning down good customers.

As a smaller e-retailer, I’d find out if the payment services provider offers tools to help remove sensitive payment card data so my e-commerce system does not store them. Can that be done affordably and without impeding the checkout process?

I’d also ask about any PCI or security fees appearing on my payment processing statement. What really is delivered with those fees? Are they reasonable? Are these fees truly paying for a service that helps my bottom line, or my payment provider’s bottom line?

Essentially, I’d ask myself if I am doing everything possible to protect the cash flow my business must have. A company the size of Global Payments, which annually processes 5 billion global transactions, likely will survive this incident. But a smaller e-retailer that suffers a similar breach may not fare as well.
