05-14-21 | Blog Post
Over 80% of consumers seek products online and almost 90% of online shopping carts are abandoned before purchase. Consumer choice can be both decisive and brutal for the slow-footed retailer. McKinsey frames relevance in the new retail environment with 5 actions, the first being “double down on digital.” They go on to say that up to 50% of retailers are prioritizing a mobile app or point of sale (POS) experience this year. Cloud services can provide a secure, economically viable POS/retail app backend and meet essential PCI compliance requirements.
Shining a Light on the Dark Side of Online Retail
A Forbes article shares ACI’s report of last year’s 209% YoY global growth for online retail and e-commerce. Sporting goods increased almost 600%. Crafts and “wine” 900%. (Considering 2020, that wine stat shocks no one.) With massive growth in online retail comes significant growth in fraud and breaches. There were almost 4000 breaches in 2020, with some impacting particularly massive numbers of records: 10.6M records at MGM Resorts in February 2020, 500K Zoom accounts in April 2020, and 60K customer records at Ancestry.com in July 2020 (all reported by Identity Force). Big breaches often reflect PCI compliance issues and penalties. No one in retail needs to be reminded of the 2013 Target loss of data on 40M credit cards and the resulting $18.5M settlement and $202M in legal fees. It is interesting, though, that 5 years later, in 2018, it was reported that “91% of retailers did not comply with the [PCI] Data Security Standard.” Working with a certified PCI compliant cloud provider can be a major factor in assuring your retail business stays compliant.
Every Link in the Chain Needs to be PCI Compliant
If the cloud has become a key to building the next gen of competitive, secure and cost-effective online retail, then the PCI SSC Cloud Computing Guidelines provide what should be considered minimum network and storage requirements. Remember, PCI requirements state that your compliance responsibilities include all vendors and 3rd parties involved in handling records and payments. To bring your business in line with PCI, it may be in the best interest of the organization to partner with a vendor that can assist you with the following:
Additional Information
To understand more about how security and compliance can save you and your customers, you might be interested in watching the Otava Security and Compliance Webinar (full recording and presentation).