Research just out today from Symantec indicated that the UK's online economy is suffering from a serious lack of confidence. Two thirds of consumers believe that they are at risk from online fraud, and 30% agree that Internet security concerns prevent them from making online transactions. This is worrying but not surprising.
What's the answer? Two things: higher security standards and better assurance for consumers that the standards are being applied. But we already have this in the PCI (Payment Card Industry) Security Standard, and it's been around for a couple of years. So why is it not being applied? Several reasons: it's tough, it's highly prescriptive, it's expensive, and it's not been strictly enforced so far.
Prescriptive approaches always generate pushback, but they do ensure that organisations pay more than lip service to security. Most prudent organisations are responding to the PCI Standard, but slowly and reluctantly. Things will speed up when we see heavy fines being imposed. That's not happening just yet. But PCI Security Compliance is unlikely to go away, so keeping your head in the sand is not a sensible approach. The real shame is that we have to rely on heavily enforced standards to fix the problem, because customer security concerns should be high on the agenda for every online business.