In the wake of the NSA scandal, individuals are more insecure than ever before about their personal information. Those who take an extreme view of the situation may believe that none of their online activity is private. While this can certainly be debated for some time (and likely will be), the concerns that some have about online privacy can open the door to some very serious discussions, particularly those pertaining to online transactions.
If this is indeed an era where people feel uncomfortable putting personal information out over the internet, the results could prove challenging for vendors with a heavy emphasis on eCommerce. PCI compliance is of the utmost importance right now, because vendors have to prove that they can protect customer information. If they cannot stand by that claim, they will have a difficult time obtaining new business.
Recently, an article in the government blog Roll Call addressed this very issue. Representing the payment processing side, Jason Oxman, the article's author, stressed that there are leaders in the vendor community who have made it their personal responsibility to ensure the security of their customers' information. Ultimately, the purpose of his piece was to warn the government to steer clear of online activity related to the private sector, suggesting the industry as a whole knows how to police itself.
"The payments industry understands the importance of protecting networks and data, and we have a long history of developing innovative solutions to ensure privacy and security in transactions," he wrote. "In fact, the standards set by the payments industry to ensure customer privacy are a model of security, and a real-world example of the ability of the private sector to regulate itself. While we must protect our nation's online infrastructure, we also must protect the private sector from further government encroachment."
The question is, how do vendors ensure that they are protecting customer data so they can both ease the fears of their buyers and eliminate government interference? The best way to do so is to mitigate the risk of a targeted attack. This is best done through payment tokenization, which can create a place for customer information to reside outside of the vendor's internal systems. Using this solution will help merchants in their PCI compliance efforts while also offering the level of security customers have come to expect.