Study reveals the importance of payment security for ecommerce merchants

Study reveals the importance of payment security for ecommerce merchants

A new study by the Visa company Cybersource and data security and compliance firm Trustwave revealed that nearly 70 percent of ecommerce merchants said protecting their brand was the most important reason for bolstering their defenses against hackers and payment security risks.

The online questionnaire was conducted from December 6, 2010 to January 31, 2011. Of the companies surveyed, 26 percent indicated avoiding fines from non-compliance with the Payment Card Industry Data Security Standard was their main concern.

"A breach has serious consequences for nearly every division of an ecommerce merchant's organization," said Dayna Ford, senior director of product management at CyberSource. "But by far the most damaging impact is to the company's brand, affecting revenue, customer loyalty, and even stock valuation."

As a way to combat these growing security concerns, many organizations plan to remove payment data from their system to reduce threats. According to the study, companies that do not "capture, transmit, or store data inside their own network tend to employ fewer personnel, validate PCI DSS compliance more quickly and operate at a lower overall cost of payment security management."

Of these companies considered "Data Out" merchants, 75 percent of PCI DSS Level 1 companies that have removed payment data from their infrastructure spend less than $500,000 on security, while 60 percent of merchants that keep data stored on its network fall into this category.

Although external threats from hackers continue to be on the minds of merchants, internal threats are also worrisome. According to the study, survey participants said the risk of payment data theft from their employees was nearly as great as the threat from hackers.

"In the face of increasing numbers of security breaches and data theft, there's a real urgency for organizations to deploy powerful and effective security strategies," said James Paul, senior vice president of global compliance services at Trustwave.

While ecommerce companies have identified protecting their brand from internal and external threats, consumer spending is on the rise and is expected to reach new levels, thus placing greater emphasis on security. In an interview with Practical Ecommerce, Joanne Bethlamy, director of the internet business solutions group at Cisco, said the U.S. ecommerce market is expected to reach more than $450 billion by 2015, while the global market is projected to reach $1.4 trillion.