Ecommerce sites face security crackdown

Online shops face increasing regulation, with credit card companies handing down strict guidelines on the protection of customer data.

After 30 June, companies selling goods online will be required to apply annually for certification under the new tighter guidelines – providing consumers with greater guarantees of security when transacting online.

Mastercard, Visa and American Express are all involved in the scheme, which is intended to encourage more shoppers to spend online and counter some recent negative publicity relating to the security of data provided online – such as Bank of America's lost accounts, the attempted e-heist at Sumitomo Bank and past data protection issues involving the likes of Argos, B&Q and utility firm Powergen.

Firms processing more than 20,000 transactions per year will be required to scan their networks each quarter and conduct annual audits of their compliance with the standards in order to qualify for certification.

Non-compliance will mean e-tailers will be unable to process transactions with the credit card companies – cutting off their livelihood over night, or forcing them to involve customers in more convoluted processes such as sending cheques or making money transfers – neither of which will appeal to merchant or customer due to extra time, costs and liability associated with such methods.

Christian Robinson, MD of online gadget superstore Firebox.com, told silicon.com: "Firebox.com supports the moves from credit card issuers to tighten security procedures across online merchants. Essentially the new PCI Data Security Standards formalise a set of good working practices that professional online retailers should already be following."

"However, it's worth noting that even merchants strictly following the recommended data security procedures will still ultimately bear the risk of fraudulent transactions - it would be good to see more work being done in this area by card issuers," added Robinson.