Why it's very important for the trading networks to undergo the PCI DSS certification


Globalization is on fast-forward, especially in the twenty-first century. This process has brought not only new stores but entire trading networks to the metropolises: clothing and electronics shops, all kinds of fast food outlets, gas stations, construction and grocery supermarkets. We will not overload the article by listing the trading network names; there are too many of them.

Trading networks have their stores or service points in all major cities. Besides physical stores, where you can come in and make a purchase, trading networks have websites where you can buy any product you like without leaving your home or office.

All trading networks provide their clients with the opportunity for both cash and card payments.

Over the past few years, card payments have become more popular. Trading network management equips its cash desks with the most modern POS terminals (card payment devices). These are certainly correct and far-sighted actions.

However, trading network representatives mistakenly think that the bank that installed the POS terminals is responsible for payment security, fraud protection and compliance with the requirements of international payment systems such as Visa or MasterCard.

In fact, it is the direct responsibility of the trading network owner to ensure cardholder data security and to monitor the use of the POS terminal.

What does that mean?

It means that if a trading network cashier steals cardholder data, then it is the responsibility of the trading network, not the bank.

Here is a real case that happened to one young man.

It was a normal working day. The young man stopped by a gas station. He filled up with gasoline and paid with his bank card.

After a while he received a text message stating that money had been withdrawn from his account for the refueling. A few minutes later he received another SMS stating that he had transferred money from his card to someone else. However, he had not transferred anything; he was simply driving through the city to his office.

While he was on his way to work, the SMS messages kept coming. Someone transferred 200 UAH on his behalf, five minutes later 400 UAH, and then another 800 UAH. By the time he got to the office, several thousand hryvnias had been withdrawn from the card. Then it stopped, because there was no money left in the account.

Naturally, the young man called his bank and explained the situation he had gotten into. A bank employee said that most likely the payment card data had been passed to an unauthorized person, and advised him to monitor the card closely from now on. Moreover, he said the bank would not compensate anything. That was the end of the conversation.

In fact, the following happened: the filling station attendant made an electronic copy of the card (copied all of its data). Then, most likely, he quickly passed this copy on to other people, scammers, and they stole all the money from the card.

No store manager wants his sellers to do such things or his customers to lose money.

A bad reputation will follow not only the store but the whole trading network.


What should the trading network managers do?

How can such cases of cardholder data theft be avoided?

To avoid such cases, MasterCard Worldwide, Visa International, American Express and other leaders in the payment card market developed the PCI DSS standard.

Trading networks must comply with the PCI DSS standard. Holding a PCI DSS certificate is a security blanket: the risks are minimal or eliminated!

When a trading network complies with the PCI DSS standard, neither clients nor management need worry that something can happen to the money or personal data during a card payment.

Before obtaining a certificate of compliance with the PCI DSS standard, the trading network must implement all the procedures that the standard requires.

For example, staff will act only according to instructions: do not take the customer's card away, do not leave the POS terminal unattended. In addition, all staff will be screened for reliability.

Regular checking of POS terminals will also be implemented. Each terminal will be monitored by a CCTV camera.

Clarifications are occasionally released stating that trading networks must meet the PCI DSS standard requirements on a par with other international payment system participants.

Few people know about these clarifications, but we will help remedy that. You can learn more about these clarifications by following this link.

If your store makes at least one transaction, you must comply with the PCI DSS standard.

This requirement applies to both traditional shops and online stores.

Why does an online store need the PCI DSS certificate?

The well-known trading network Zara fulfills all the payment card security requirements: Zara successfully undergoes PCI DSS standard certification every year.

The OKKO petrol station chain is our client. It has successfully undergone an audit for compliance with the PCI DSS standard and holds the certificate. You can read more about it on the OKKO website.

OKKO customers need not worry that someone will steal money from their cards.

A certificate of compliance with the PCI DSS standard is security for the client and an excellent reputation for the trading network.

Do you operate a trading network?

It is essential for you to have a certificate of compliance with the PCI DSS standard!

Our company invites trading network representatives to undergo all the necessary procedures and obtain a certificate of compliance with the PCI DSS standard.

By Oleksandr Kuberskii and Maria Osadcha
