Credit card companies are insisting on improvements to credit
card security to protect consumers and retailers from fraud and
hacks. It is estimated that most of the world's credit card
fraud can be either directly or indirectly attributed to credit
card details being hacked into, stolen or copied when permanently
stored in databases on web servers or within similar storage

Most 'real time' or 'live' online payment
gateways permanently store highly sensitive credit card and
transaction details in databases on web servers or on similar
storage devices, as do countless low-end e-commerce websites, and
usually all without the cardholder even being aware this is

The Payment Card Industry Data Security Standard (PCI DSS)
requires websites that use credit card facilities to implement a
new firewall to protect transactions from hacks or fraud. Website
operators who do not wish to use the new firewall are required to
have their existing software reviewed by the Payment Card Industry
Security Standards Council (PCI SSC).

The PCI SSC is an independent council originally formed by the
major credit card companies in September 2006. It imposed a
deadline of 30 June 2008 for the implementation of the new security
measures; however, security industry observers have seen many large
online retailers miss the deadline. Those website operators who
choose not to adhere to PCI SSC's standards run the risk of
being fined or losing their ability to process credit card

The occurrence of online credit card fraud usually results in
the online retailer bearing the brunt of the loss as opposed to the
consumer, as consumers are reimbursed by credit card companies with
the transaction being "charged back" to the merchant (in a
"card not present" transaction). The losers in this battle
are the online retailers, whose best interests are served by
implementing better online security.

On the consumer side, Mastercard and Visa now provide online
purchasers with the option to obtain a secure code that allows the
purchaser to shop online with added confidence. When making
purchases with participating online retailers, purchasers will be
asked to enter their secure code password (a PIN) which will then
be verified by their bank to validate the purchaser's identity.
This system also provides an extra level of security for online
shoppers by ensuring that the online retailers are PCI DSS

Retailers who feel that the initial cost in adopting the new
firewall seems to outweigh the cost they are experiencing with
online fraud, especially where the existing protection measures are
providing satisfactory security, should never underestimate the
ability of hackers to devise new and innovative ways to circumvent
existing protection measures. The PCI DSS firewall requirement
will increase web server database security and will help keep
retailers one step ahead of hackers. More importantly, adoption of
these security measures should reduce merchants' risk profiles,
and exposure to chargebacks.

Swaab was recently named winner of 'Best Law
Firm in Australia (Revenue < $20m)' and 'Attribute Award
for Exceptional Service (Australia Wide)' at the
2008 BRW Client Choice Awards.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.