Credit card companies are insisting on improvements to credit card security to protect consumers and retailers from fraud and hacks. It is estimated that most of the world's credit card fraud can be either directly or indirectly attributed to credit card details being hacked into, stolen or copied when permanently stored in databases on web servers or within similar storage devices.

Most 'real time' or 'live' online payment gateways permanently store highly sensitive credit card and transaction details in databases on web servers or on similar storage devices, as do countless low-end e-commerce websites, and usually all without the cardholder even being aware this is occurring.

The Payment Card Industry Data Security Standard (PCI DSS) requires websites that use credit card facilities to implement a new firewall to protect transactions from hacks or fraud. Website operators who do not wish to use the new firewall are required to have their existing software reviewed by the Payment Card Industry Security Standards Council (PCI SSC).

The PCI SSC is an independent council originally formed by the major credit card companies in September 2006. It imposed a deadline of 30 June 2008 for the implementation of the new security measures; however, security industry observers have seen many large online retailers miss the deadline. Those website operators who choose not to adhere to PCI SSC's standards run the risk of being fined or losing their ability to process credit card payments.

Online credit card fraud usually results in the online retailer, rather than the consumer, bearing the brunt of the loss, as consumers are reimbursed by credit card companies with the transaction being "charged back" to the merchant (in a "card not present" transaction). The losers in this battle are the online retailers, whose best interests are served by implementing better online security.

On the consumer side, Mastercard and Visa now provide online purchasers with the option to obtain a secure code that allows the purchaser to shop online with added confidence. When making purchases with participating online retailers, purchasers will be asked to enter their secure code password (a PIN) which will then be verified by their bank to validate the purchaser's identity. This system also provides an extra level of security for online shoppers by ensuring that the online retailers are PCI DSS verified.

Retailers who feel that the initial cost of adopting the new firewall outweighs the cost they are experiencing from online fraud, especially where the existing protection measures are providing satisfactory security, should never underestimate the ability of hackers to devise new and innovative ways to circumvent existing protection measures. The PCI DSS firewall requirement will increase web server database security and will help keep retailers one step ahead of hackers. More importantly, adoption of these security measures should reduce merchants' risk profiles and exposure to chargebacks.

Swaab was recently named winner of 'Best Law Firm in Australia (Revenue < $20m)' and 'Attribute Award for Exceptional Service (Australia Wide)' at the 2008 BRW-Client Choice Awards.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.