E-commerce, PCI DSS compliancy and the managed services provider

One of the biggest barriers to managed services adoption according to the Claranet Research Programme is data security, with seventy-one per cent of respondents saying it was an important concern to consider before migrating to a cloud provider.

For businesses reliant on e-commerce, the safeguarding of customer financial data is crucial in retaining customer trust. Without it nobody will buy from you, and it doesn’t matter who it is in the e-commerce transactional chain who messes up; if a customer bought from your site, any problems will be blamed on you.

Consequently the thinking amongst many IT managers seems to be that the closer data and process is to their chests, the safer it is, so they try to keep as much in-house as possible.

However, this logic isn’t necessarily sound. While everyone in a the e-commerce transaction chain (below) must be PCI DSS compliant in their own right, the burden of actually making sure all the key tenets of PCI DSS compliancy are enforced all the time, along with the management of internal infrastructure produces more pressure on in-house IT departments, ultimately leading to data security issues.

Sony’s well publicised PCI DSS failure, where thousands of individuals’ personal financial details were stolen in a security breach, happened despite being officially recognised as PCI DSS compliant.

Managed services providers on the other hand are experts in handling the day-to-day management of IT infrastructure based on strict processes, and have nothing to distract them from their task.

Despite PCI DSS compliancy’s importance, it is important to conduct due diligence on a company’s other processes, accreditations and status when deciding upon an e-commerce partner. These other factors are ultimately a barometer for how likely the framework of PCI DSS accreditation is to be adhered to.

Are they ITIL and ISO accredited? Have they the financial strength to support your company in the long-term? Will they allow your business the flexibility to expand in periods of peak demand? Will they offer you the right level of service?

If the answer is yes, they are likely not only to be PCI DSS accredited, but also to operate in a way that ensures your data is secure, so you can rely on your customers getting the best online shopping experience.

Written by James Grisbrook - Digital Communications Lead

James is the blog’s editor-in-chief and moderator, though you will occasionally find he has pitched in with a communications focused blog or two himself. Previously James worked for communications consultancy Bladonmore, and is enjoying being re-immersed in the IT world he thought he had left after he finished A-level IT. James also manages Claranet UK’s social media channels.