Bednarz, Ann. "Online Businesses Face Credit Card Security Deadline." Network World 13 June 2005. 16 Oct 2007.
This article focused on the importance of secure online networks for consumers and for businesses. In particular, it focused on the deadline for secure networks that major credit card companies put in place for online retailers. The major credit card companies, which included American Express, Discover, MasterCard, and Visa, “jointly created the Payment Card Industry (PCI) data security standard. The PCI standard applied to retailers, payment processors, and financial institutions”.
The PCI standard went into effect on June 30, 2005 and “consisted of 12 technology requirements for securing networks and applications, protecting cardholder data, maintaining a vulnerability management program, and regularly validating compliance via a third-party assessment.” This standard was fairly simple for major e-tailers to comply with because it consolidated the different security requirements of the various credit card companies into one standard set of requirements shared by all. However, some online retailers were not prepared to meet the new requirements and would face large penalties for non-compliance.
I found this article extremely interesting because we have discussed the importance of IT security throughout the course. This article seemed to be extremely relevant to all of us today, who do a lot of shopping and daily transactions online. I was very reassured to learn that online businesses could “face up to $500,000 in fines per incident if cardholder data is compromised and the merchant or service provider is not PCI-compliant.” Obviously, the financial institutions have recognized the importance of protecting individuals’ personal financial information and are taking security violations very seriously.
However, I also tried to see the security requirements from the perspective of the smaller online businesses. For many, compliance came at a high price depending on what existing security systems were in place. The article estimated that 2 months prior to the PCI requirements going into effect only about 30% of online vendors were up to the standard. “Particularly for smaller merchants, PCI compliance might require purchasing security products, such as encryption, access control, and activity monitoring and logging devices. There are also procedural mandates – such as the need to implement formal security policies and vulnerability management programs – that will require IT resources.”
Although I am extremely grateful that financial institutions recognized the need for standardized IT security practices, I could also see where these new restrictions might have been a tremendous burden for the many very small businesses that were started online. I remember seeing so many news stories of people who started one-person operations that were trying to grow their businesses online. With the new IT restrictions I would think the ability to continue these very small ventures would be hindered.
Despite all of this I have concluded that PCI has had a positive long-term effect. We all have a better chance of keeping our credit card information safe and the PCI mandates have allowed for new business opportunities for IT firms. These firms helped enable businesses to come into compliance by helping to encrypt and protect the databases that hold consumers' valuable information; information that is also critical to the survival of the online businesses.
2 comments:
Jessica, yes, this is an important issue and has given rise to the success of firms like PayPal which alleviate the payment processing by providing an "outsourced" solution. Small businesses must be mindful about what IT investments are worth going alone and which ones are better sourced to a more efficient and cost effective outlet.
Jessica, I really liked your article as well. It talks about the same important IT security issue that we are all concerned about. I believe you are definitely right when you say that financial institutions need to offer standardized IT security practices. These kinds of security problems concerning payments and online transactions are on the spot nowadays, as companies try to alleviate them (which is necessary and very good for us, the consumers.) Very nice topic.
Fatou