Blog June 26, 2019

The Difference Between PCI and Encryption

Today’s online consumers think nothing of submitting their personal information and credit card data to buy from their favorite online retailers, but that ease and peace of mind rest on a great deal of effort behind the scenes of each transaction. eCommerce merchants must understand the security measures in place to protect their customers’ data, and with it their own reputation. Here, we’ll explore the basics of eCommerce security and the solutions available for protecting your business and your customers’ valuable personal data.

About PCI

PCI DSS is an industry standard created to improve the safety of credit card use online. The Payment Card Industry (PCI) Security Standards Council designed it to tighten control over cardholder data, reduce fraud, and ensure that financial information is collected, stored, and transmitted securely. Compliance with the standard is mandated by the credit card brands.

The first version of the PCI Data Security Standard (PCI DSS) was released in 2004 in response to credit card companies’ and consumers’ concerns about the protection of personal information during eCommerce transactions.

By 2021, eCommerce sales are predicted to account for 17.5% of all retail sales worldwide. In the early days of eCommerce, there was much debate and uncertainty about how safe online shopping was, who had access to consumers’ personal financial data, and how to prevent credit card fraud. These concerns remain today, since credit card fraud persists despite rigorous security measures.

Types of eCommerce Fraud

eCommerce sellers must be aware of the types of fraud that can occur so they can understand the threats their customers face and ensure the appropriate security efforts are made to protect their information. Some of the most common types of online credit card fraud include:

  • True Fraud

True fraud involves identity theft and is the most familiar type of online credit card fraud. It occurs when online transactions are made with stolen credentials, such as a person’s bank or credit card details.

  • Phishing

In some cases, phishing uses email or messaging to trick users into revealing personal data such as credit card numbers. The attacker, posing as a trusted entity, obtains a person’s online information and uses it to make fraudulent purchases. In another form of the attack, the thief gains access to a user’s online account where their personal information is stored.

For example, a cybercriminal may log in to a user’s Amazon or PayPal account, access their stored financial information, and use it for their own purposes, whether that is making purchases or siphoning funds into their own accounts. Such attacks are easy to carry out when people use weak passwords that can easily be discovered.

  • Card Testing

Card testing involves cybercriminals using eCommerce sites to “test” stolen credit card details to see whether they still work without being noticed. After making several small purchases as a test, the attacker goes on to make high-value purchases elsewhere.

Cybercriminals can purchase lists of credit card numbers, but they cannot tell whether the cards are valid until they are tested. Card testing fraud is a major worry for online retailers, who can suffer thousands of dollars in lost sales and penalties.

  • Refund Fraud

With refund fraud, online thieves purchase items from an eCommerce site using a stolen credit card, then return them for a refund to their own card or account, keeping the financial value for themselves.

Benefits of PCI

While online merchants are required to comply with PCI standards, there are a number of benefits to doing this, including:

  • Greater profits as a result of customer loyalty
  • Customer confidence and peace of mind in doing business with your eCommerce store
  • Avoiding penalties, fines, and fees associated with non-compliance or fraud
  • High customer satisfaction and positive relationships with your customers
  • Reputable image among consumers

What is Data Encryption?

On a basic level, encrypted data can only be accessed by people with a specific decryption key or password. Data encryption is one of the most effective forms of data security that exists today. Encrypted data is unreadable to an attacker who is trying to access it without permission or valid credentials.
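To make the property described above concrete, here is an added Python example (not code from the original post) that protects a constructed sample card number: the stored record does not contain the number in readable form, and decryption with the wrong key or with a modified record is rejected. So that it runs with only the standard library, it builds authenticated encryption from HMAC-SHA256 (a counter-mode keystream with encrypt-then-MAC); that is a teaching stand-in, and a production system would use a vetted AEAD such as AES-GCM from a maintained library. The sample card number, the key handling, and all function names are this example’s own assumptions.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Tuple

# Constructed sample cardholder data for the demo (a well-known test number, not a real card).
SAMPLE_PAN = b"4111111111111111"

NONCE_LEN = 16   # random per-record value so identical PANs never produce identical records
TAG_LEN = 32     # HMAC-SHA256 output


def _derive_subkeys(master_key: bytes) -> Tuple[bytes, bytes]:
    """Split one master key into separate encryption and MAC keys (HMAC-SHA256 as a simple KDF)."""
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a pseudorandom keystream (teaching stand-in for a block cipher)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def encrypt(master_key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag, with a fresh random nonce for every call."""
    enc_key, mac_key = _derive_subkeys(master_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(master_key: bytes, record: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; raise ValueError on any mismatch."""
    if len(record) < NONCE_LEN + TAG_LEN:
        raise ValueError("record too short")
    enc_key, mac_key = _derive_subkeys(master_key)
    nonce, ciphertext, tag = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered record")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def demo() -> Dict[str, bool]:
    """Exercise the four properties a stored cardholder record should have."""
    key = secrets.token_bytes(32)
    record = encrypt(key, SAMPLE_PAN)
    results = {
        "roundtrip": decrypt(key, record) == SAMPLE_PAN,
        "record_hides_pan": SAMPLE_PAN not in record,
    }
    try:
        decrypt(secrets.token_bytes(32), record)   # a different key must not decrypt it
        results["wrong_key_rejected"] = False
    except ValueError:
        results["wrong_key_rejected"] = True
    tampered = bytearray(record)
    tampered[NONCE_LEN + 4] ^= 0x01                # flip one bit inside the ciphertext
    try:
        decrypt(key, bytes(tampered))
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The design choices that matter carry over to any real cipher: a fresh nonce per record, separate keys for encryption and integrity, and verifying the tag with a constant-time comparison before touching the ciphertext, so a modified or wrong-key record is rejected rather than silently decrypted into garbage.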

Alternative Types of eCommerce Security

PCI standard compliance isn’t the only means of protecting your customers’ personal data. Other types of security measures are:

  • Secure Sockets Layer (SSL)

SSL is a security technology that establishes an encrypted link between a user’s browser and the web server, ensuring that all data passing over the link is private and protected.

  • Transport Layer Security (TLS)

SSL is the older technology; TLS is its modern successor. TLS serves the same purpose, securely communicating private data over a computer network, but it is the newer, improved version of the two.
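The SSL-versus-TLS distinction shows up directly in how a client is configured. As an added example (not from the original post), the Python below uses the standard ssl module to build two client-side configurations: a hardened one that accepts only TLS 1.2 and newer and verifies the server’s certificate and hostname, and a deliberately weak one that disables both, together with an audit function that reports the difference and a check that refuses to use a weak context. PCI DSS no longer treats SSL or early TLS as strong cryptography, which is why the version floor matters. The function names are this example’s own.

```python
import ssl
from typing import Dict


def hardened_client_context() -> ssl.SSLContext:
    """Client configuration a merchant integration should use: TLS 1.2+ only,
    server certificate and hostname verified against the system CA store."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED and hostname checking on by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and TLS 1.1
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """Deliberately weak configuration, shown only for contrast: no certificate
    or hostname verification, and any protocol version the OpenSSL build allows."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                  # must be disabled before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit(ctx: ssl.SSLContext) -> Dict[str, bool]:
    """Report the three properties that separate a hardened context from a legacy one."""
    return {
        "verifies_certificates": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "tls12_or_newer_only": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }


def ensure_hardened(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Guard to call before opening any connection carrying cardholder data."""
    findings = [name for name, ok in audit(ctx).items() if not ok]
    if findings:
        raise ValueError("weak TLS configuration: " + ", ".join(findings))
    return ctx


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()), ("legacy", legacy_client_context())):
        print(name, audit(ctx))
```

The same three settings (protocol floor, certificate verification, hostname verification) exist in every TLS library and web server; the audit function is a convenient place to assert them once, at the integration boundary, rather than trusting that each connection was opened correctly.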

It’s evident that credit card and personal information security is critical to eCommerce transactions and to the reputation of your business. Without PCI DSS, consumers’ data would be left largely unprotected and vulnerable. While credit card fraud and eCommerce theft remain important concerns for both businesses and consumers, security measures such as PCI DSS, encryption, SSL, and TLS are crucial in protecting personal data and financial information and in preventing significant losses for credit card companies, eCommerce merchants, and their customers.

Connectria is an expert PCI-compliant hosting partner. Our team has extensive experience working with eCommerce retailers to ensure their security needs are met and upheld to the highest standard. Working with your team, we excel in setting up a secure network, protecting your cardholder data and personal information, managing vulnerabilities, and monitoring and testing your networks on a regular basis to ensure the highest level of security and compliance. Get in touch with the Connectria team today to get started in establishing a secure network for your eCommerce business that you and your customers can rely on.
