The PCI Security Standards Council recently released a new set of guidelines aimed at helping merchants safeguard customer data while running e-commerce operations. In addition to advice on how to maintain compliance with PCI data security standards, the report also offers businesses some assistance in choosing third-party partnerships.
“No option completely removes a merchant’s PCI DSS responsibilities. Regardless of the extent of outsourcing to third parties, the merchant retains responsibility for ensuring that payment card data is protected,” the report states. “Connections and redirections between the merchant and the third party can be compromised, and the merchant should monitor its systems to ensure that no unexpected changes have occurred and that the integrity of the connection/redirection is maintained.”
Business owners may opt to build their own e-commerce platforms and use proprietary software, though many do not have the technical expertise or manpower to do so. According to the PCI DSS E-commerce Guidelines, merchants should make sure that specific responsibilities regarding data security are outlined in any service agreement signed with a third party.
Whether you are dealing with POS credit card processing software in a brick-and-mortar location or a Web portal, customer payment information must remain secure. Otherwise, businesses will not be able to maintain the trust of consumers and won’t be able to keep their doors open or their websites live.
Before signing on with any third-party provider, make sure you know exactly what security measures it has in place and how those measures might affect any IT assets you have already deployed. You should also maintain regular communications early on to address any unexpected bugs in the system.