Calls have been made for a compliance logo to be created for Payment Card Industry Data Security Standard (PCI DSS) accredited companies to display.
As part of its recommendations to the PCI DSS Council, Imperva called for a consumer-facing compliance logo, arguing that companies cannot articulate their security efforts to consumers and that consumers are not aware of the compliance status of the retailers they do business with. As a consequence, companies cannot leverage their investment in PCI compliance to gain competitive advantage.
Imperva CTO Amichai Shulman said: “When we asked respondents about what they expect to get or value when they are accredited, almost all expected to gain from consumers. One incentive that is missing will give a competitive edge to consumers and the council should have a method to externalise to show compliance.
“They should have a logo to show that they are ‘PCI compliant’ that will show a commitment from the assessors for stricter guidelines. An agreement between the council and those who assess who is compliant should be made, and certification should be clear and companies should get certificates because the consumer can see that it cares about its user information and protects it.”
In agreement was Colleen Kulhanek, director of marketing at Shavlik Technologies. She said: “A certificate or logo identifying a merchant as PCI compliant would go a long way toward building awareness amongst consumers around the importance of safe online shopping and the protection of their credit card information.
“The ‘https’ in the URL and the closed padlock symbol have gone a long way in giving consumers confidence that their information is passing securely from the website to the merchant, and now they need to know that once their information reaches the merchant it continues to be protected.”
Kulhanek claimed that even though the achievement of PCI compliance alone does not guarantee all of the necessary computer security precautions have been implemented by a particular merchant, it does demonstrate that they are investing time, money and resources to protect their customers' data.
“In addition, an industry standard symbol that indicates PCI compliance would allow merchants to show a competitive differentiation and grow and strengthen their business as a result,” said Kulhanek.