Does PCI DSS Compliance Affect You?

What Does PCI-DSS Stand For?

Merry Christmas. I know the season has already passed, but given the recent massive data thefts at various retailers, and the misery these have caused both their customers and the retailers themselves, I thought: why not try to cheer everybody up a bit?
Besides, I needed a segue from what is arguably one of the most important stories to pop up recently to some questions every retailer must ask and answer about transactional security (and financial compliance): how much money are they spending on marketing, and then blowing on poor security?
Are You PCI-DSS Compliant?
But wait, you say, didn't I title this blog PCI-DSS something or other?
As a consumer, and we are all ultimately consumers, I had never even heard of PCI-DSS until about six months ago, when I ran an SAP Greenfield implementation at a major retailer in Europe.
So what does PCI-DSS stand for, and why might you, a consumer, want to know about it? It stands for Payment Card Industry Data Security Standard. If you have a credit card issued in Europe, you most likely have a chip in your card; if you have one issued here in the U.S., it probably does not, though a few issuers do use them.
I asked one of my Senior SAP FICO consultant buddies (with a background in PCI DSS consulting) why this is, and he explained the following to me:
Are you aware of Liability Shift?
"(Chip and PIN's) main attraction to banks is the 'liability shift,' which is precluded in the U.S. by Regulation E."

"This shift means that disputed transactions will be blamed on the customer if a PIN was used and the merchant otherwise took every prescribed security precaution. Thus, in theory, the bank would never again be liable.

In practice, it has not worked. You can't have a secure system if one party guards it and another party pays the cost of failure."

This "liability shift" has been a "good incentive" for merchants to adopt chip and PIN.

Such a shift isn't possible in the U.S. because of rules set up under the Electronic Fund Transfer Act of 1978.

This is probably good news for U.S. consumers: since the standard was fully adopted, it has been next to impossible for British consumers to recover money stolen through fraud.

That last little tidbit is, to me, of critical importance, having been a victim of credit card fraud in the past in the U.S. and ultimately having been made whole by my card issuer.

Make Customers 'Whole' As A Service

The marketing opportunity here is for a retailer to make it perfectly clear to consumers that, in addition to taking every possible technical security measure to secure its payment processing system, it will ALWAYS make its customers whole in the event of a data breach.

As an Inbound Marketer, I can see several pieces of content one might want to generate and reuse constantly to assure consumers that their credit and debit cards are safe to use in the stores:
  1. Define which security standards the store is required to meet, and prove, and re-prove, that the retailer meets those standards.

  2. Though not all that exciting, communicate to the consumer each time you pass a PCI-DSS security audit.

  3. Go well beyond European standards for the protection of personal data: make sure every consumer is aware of exactly what data the retailer stores, and allow them to correct or delete it at any time, at no cost.

  4. As almost every retailer, indeed anybody that sells anything, is moving toward a loyalty management system, and by extension is collecting massive amounts of personal data, the previous point becomes even more critical to accomplish.

    In the name of transparency, and this is not easy, show where the consumer's data is actually used in your system; this goes well beyond the marketing function.

    It touches logistics and finance in a wide variety of areas you might not initially think about.

  5. Provide complete transparency to consumers on every party that will touch the credit card transaction, including the bank and the payment gateway provider.

  6. When a retailer uses more than one payment gateway provider or bank and there is a saving (that is why they have more than one), pass some of those savings on to the consumer.

    Use this to inform the consumer, i.e., one more opportunity to communicate.

Keep Consumers' Confidence
Though highly unlikely, should consumers lose confidence in the security of their credit cards, they will revert to cash-only transactions.
It Costs Cash to Handle Cash
Most people believe cash is cheaper for the vendor than a credit card transaction, but, as almost any large retailer will tell you, that may not be the case at all.
For instance, if your store is doing $1 million a day in transactions, and 10% of those transactions are in cash, you are handling $100,000.00 worth of cash, which has to be counted, audited, secured and transported.

Each of those steps has a cost, and they all take far longer to accomplish than an electronic transaction. 

Now imagine, tomorrow, that ratio is reversed, and you are doing $900,000.00 in cash transactions and $100,000.00 in credit card transactions. 

Your logistics cost just went up, your risk of armed robbery during transport just went up (and your cost of security went up, no doubt), and your ability to squeeze the payment gateway provider commission rate just went way down. 

You also now have consumers who are a lot less likely to make purchases, as they don't have such easy access to cash.

The True Cost of Data Thefts Is Enormous

In short, these massive data thefts are a threat to the economy at the systemic level and may drive your marketing cost way up.
That is why you need to get PCI-DSS and EMV compliant, and you need a marketing approach that leverages your efforts to secure those transactions at the lowest possible cost. You can start by learning more about Inbound Marketing and how it can help you boost customer satisfaction, especially by providing content that reassures consumers that the credit card transactions they conduct with your establishment are secure and do not result in any liability being shifted to them.
Thanks
Lonnie D. Ayers, PMP
