Credit card firms in cybersecurity push

In an attempt to make e-tailers raise their game on security Mastercard, Visa and American Express are all promising harsh treatment of those who don't take it seriously
Written by Will Sturgeon, Contributor on

Online shops face increasing regulation, with credit card companies handing down strict guidelines on the protection of customer data.

After 30 June, companies selling goods online will be required to apply annually for certification under the new tighter guidelines — providing consumers with greater guarantees of security when transacting online.

Mastercard, Visa and American Express are all involved in the scheme, which is intended to encourage more shoppers to spend online and counter some recent negative publicity relating to the security of data provided online — such as Bank of America's lost accounts, the attempted cyberheist at Sumitomo Bank and past data protection issues involving the likes of Argos, B&Q and utility firm Powergen.

Firms processing more than 20,000 transactions per year will be required to scan their networks each quarter and conduct annual audits of their compliance with the standards in order to qualify for certification.

Non-compliance will mean e-tailers will be unable to process transactions with the credit card companies — cutting off their livelihood over night, or forcing them to involve customers in more convoluted processes such as sending cheques or making money transfers — neither of which will appeal to merchant or customer due to extra time, costs and liability associated with such methods.

Editorial standards