Ensuring PCI Compliance with CyberSource | Clarity



CyberSource Tokenization Makes Security and Compliance Simpler for eCommerce Businesses

Ensure your business is meeting PCI compliance requirements with CyberSource.


Merchants of all sizes face extraordinary demands on their eCommerce software, PCI compliance among them, but eCommerce is even more challenging for bigger B2B companies with robust catalogs of goods and services that are frequently ordered, reordered and subject to ongoing payments such as subscriptions for magazines or SaaS products. That's why many merchants choose CyberSource tokenization, which replaces sensitive data with unique identifiers, or tokens, that can be used online in place of payment data but cannot be mathematically decoded if hacked or intercepted.[1] The real payment data are stored on secure servers and never transmitted online.
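As an added illustration (not CyberSource's code or API), the following Python sketch shows the tokenization pattern described above, which the Tokenization and Compliance section below also relies on for recurring payments: a hypothetical provider-side vault issues a random token, the merchant persists only the token and the last four digits, and the card number is resolved only inside the vault when a charge is processed. The vault class, the function names and the Luhn pre-check are assumptions; the card number is a well-known test value, not a real card.

```python
import secrets

# Constructed test PAN (a well-known Visa test number, not a real card).
TEST_PAN = "4111111111111111"


def luhn_valid(pan: str) -> bool:
    """Luhn check: rejects mistyped card numbers before they reach the vault."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical provider-side vault: the only place the PAN is stored."""

    def __init__(self) -> None:
        self._store = {}   # token -> PAN (an HSM-backed store in a real vault)

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("invalid PAN")
        # The token is random, so nothing about it can be decoded back to the PAN.
        token = secrets.token_urlsafe(24)
        self._store[token] = pan
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        """Processor side: resolve the token and (pretend to) charge the card."""
        pan = self._store.get(token)
        if pan is None:
            raise KeyError("unknown token")
        return {"approved": True, "amount_cents": amount_cents, "last4": pan[-4:]}


def merchant_store_customer(vault: TokenVault, pan: str) -> dict:
    """Merchant side keeps only the token plus display data, never the PAN."""
    token = vault.tokenize(pan)
    return {"token": token, "last4": pan[-4:]}   # safe to persist for rebilling
```

Because the merchant record holds only the token, it can be reused for later charges without the card number ever being stored or re-sent by the merchant.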


Compliance Issues for Merchants and eCommerce Software

Any merchant that accepts online payments must comply with the rules of the various credit card associations and payment networks, and these rules have been standardized as the Payment Card Industry Data Security Standard, or PCI DSS.[2] Customers usually pay for products or services through POS systems, but merchants are responsible for keeping that information safe and confidential. Complying with PCI DSS limits a company's exposure in the event of a data breach. The payment companies require PCI compliance for companies to stay authorized to accept payments through their services. Government authorities also draw on PCI DSS and often impose further compliance requirements, so administrators face demands to secure financial information from both governments and financial partners -- both in-house and off-premises -- through a secure network, best practices and internal safeguards.


Tokenization and Compliance

Compliance issues can be partially solved by adopting CyberSource tokenization, which replaces customer payment information with a token that can't be reverse-engineered. Merchants send these tokens to their payment processors in lieu of credit card data, so the customers' payment information remains securely in-house. The tokens can be retained for ongoing payments, a big advantage for merchants with repeat customers. Other benefits of using CyberSource include the ability to reconcile chargebacks without transmitting payment data. However, to comply with the CyberSource Merchant Services Agreement, administrators must validate their PCI DSS compliance with a Qualified Security Assessor, install and maintain a firewall, replace default vendor passwords, and restrict and monitor access to financial data in-house. Other PCI and CyberSource requirements include:

  • Protecting systems against malware and internal hacks
  • Putting protocols in place to identify and authenticate access to each system's components
  • Updating antivirus software regularly
  • Monitoring all systems 24/7 including cardholder data and network resources
  • Maintaining an information security policy
  • Testing systems and programs regularly
  • Restricting physical access to servers and payment data


Big Demands for eCommerce Software

Using simple, out-of-the-box eCommerce software solutions generates almost as many problems for eCommerce and B2B companies as it solves. Administrators can limit their scope and ensure compliance by choosing powerful and customizable eCommerce software that handles PCI and CyberSource requirements intuitively while tailoring marketing and sales solutions for their businesses. Compliance issues often conflict with the demands of modern eCommerce for medium-sized businesses and B2B companies that have customers who want access to further information, extensive catalogs of products, third-party applications and their ordering histories.


Maintaining Security

It's essential for any eCommerce platform to maintain security with compensating controls, automatic alerts, internal safeguards, mandatory password-change policies and automatic security updates. In 2015, Verizon's annual report on compliance and security found that 80 percent of eCommerce companies failed their interim assessments for sustaining their security controls.[3] That report cited a PwC survey showing 43 million security breaches in 2014, despite stricter PCI standards having been in place for 10 years. Customers are the lifeblood of any company, and eCommerce companies want to meet or exceed security standards to give their customers trusted ordering platforms. The best eCommerce software reminds administrators of crucial upgrades and security best practices.


Different Regulations

In the global eCommerce ecosystem, administrators can face unusual regulations in some foreign jurisdictions that add more compliance issues to their plates. Any eCommerce platform needs to update its policies when regulations change or new restrictions apply, and the software has to be able to handle multiple sets of regulations that apply to some customers and not to others.


Support for Expanded Customer Service

Despite security compliance issues, customers want access to content and third-party applications. Many customers arrive from social media, so any business eCommerce platform needs to integrate well with social media pages. Business software needs to connect with people, vendors, machines, third-party apps and business intelligence sources while remaining flexible enough to allow customer collaboration, automatic ordering and customer service automation. Intuitive software can automatically alert someone in human resources or sales when personal assistance is necessary to close a sale or address a customer's concerns.


Marketing Tools

Websites aren't just static platforms for placing secure orders -- customers expect