FT.com / Companies unaware of credit card security obligations

Companies unaware of credit card security obligations

By Jonathan Moules

Published: October 10 2008 20:23 | Last updated: October 10 2008 20:23

Business owners that handle or store credit card details are putting themselves at risk of a fine by not complying with industry security standards, an employers body has warned.

Any company processing, storing or transmitting payment card data must comply with the Payment Card Industry Data Security Standard (PCI DSS), developed by the leading credit card companies to prevent fraud and other security threats.

However, the Forum of Private Business has found that a number of its members were ignorant of the standard.

The first that Stuart Hamilton, of tool company Hamilton Beverstock, knew about PCI DSS was when he received a letter from Barclaycard last month.

“Like me, many retailers I’ve spoken to had no idea about this,” he said. “I don’t store any credit card details on a computer screen so I need to be physically secure, but they don’t say in the standard exactly what that level of that security is.”

A Barclaycard spokesman said the company had written to thousands of its merchants, alerting them to PCI DSS, and a special team was available to help with questions about compliance.

“We work with all of our customers to help them ensure that customer information is stored in the most secure way possible,” he said.

Financial losses from payment card fraud rose by 14 per cent to £301.7m in the first half of this year, according to the Association of Payments and Clearing Services.

Nick Palin, the FPB’s director of finance, said: “With instances of credit card fraud on the rise, it is important that businesses put in place water-tight security procedures.”

FT.com / Your money – Companies unaware of credit card security obligations