It may seem like some sort of fable from ancient history, but there was a time in the early 1990s when almost no one was prepared to trade online because of fears over security. Public trust in the internet simply did not exist. How times have changed!
Today, the small matter of around two trillion dollars’ worth of B2C e-commerce is conducted around the world every year, and the figure is rising all the time. And that is just the business to consumer sector. Business to business is now conducted on an almost entirely digital basis. Some $12 trillion is the predicted global B2B figure for 2020.
Clearly, the level of public confidence in online security has improved. The irony in all this is that irrespective of the public mood, the volume and invasiveness of online attacks have never been greater. A heightened level of public confidence may be what underpins e-commerce as we know it, but it is also a key weakness in terms of enabling cyber crime.
A UK government report on e-crime in 2013 described the “thriving criminal ecosystem” with a global cost that it calculated at $388bn a year. As a point of comparison, the study noted that this figure was greater than the entire global trade in heroin, cocaine and marijuana combined.
Serious cause for concern
In the face of this threat, cyber security is not something that anyone – whether acting as a business or a private individual – should take for granted. Whilst larger corporations are able to invest substantial sums in attempting to secure their operations, smaller concerns are inevitably more restricted in terms of what they can afford. At a time when smaller businesses are increasingly being targeted by fraudsters, this is a serious issue.
Fortunately, local security measures such as Web Application Firewalls (WAFs) are becoming increasingly affordable. At the same time, moves have been taken at an industry level to guarantee the financial security of all users. A notable success in this regard is the credit card sector’s Payment Card Industry Data Security Standard (PCI DSS). This represents a raft of security standards as agreed between Visa, MasterCard, Discover Financial Services, JCB International and American Express in 2004.
A global standard
Since that time, any business seeking to transact using clients’ credit cards has been obliged to obtain a PCI certification – a universal security standard, adopted by the Payment Card Industry (PCI), that defines how such sensitive data needs to be handled. Through PCI, the credit-card industry as a whole is able to protect itself, to function reliably and – equally importantly – to maintain public faith in the security of e-commerce. Different sizes of business handle very different volumes of transactions and, in recognition of that fact, businesses are obliged to meet one of four different levels of compliance.
Having been in existence for over a decade, the PCI scheme has had to evolve to meet the ever-expanding demands made on it – both from a commercial perspective and in terms of data security. The reassuring news for everyone concerned is that, having been set in place relatively early in the story of e-commerce, PCI certification continues to be at the leading edge of digital security. When it comes to security, most would agree that things have changed radically for the better since the pre-e-commerce era.