Payment fraud, where a consumer uses someone else’s payment details to make a purchase, is an increasing burden on the UK economy. According to the UK Cards Association, card fraud losses totalled £440 million in 2009 and despite a criminal committing the act, the liability for fraud often lies with the vendor, costing them the revenue from the purchase and often fines from card issuers. Aside from the financial consequences, reputations and customer loyalty which take years to build, can be seriously damaged if fraudulent activity occurs – especially if the business is not properly equipped to react effectively and immediate action is required on the part of the retailer to minimise any perception that customers’ personal financial information has been compromised.

Card fraud has become one of the major risks faced by retailers today, with the hardest hit being the small to medium operators who cannot afford in-house fraud prevention teams. In an attempt to mitigate this risk, the Payment Card Industry (PCI) issued the Data Security Standard (DSS): a rigorous testing programme to prevent fraudsters using stolen credit or debit card information.

It is mandatory for any organisation that electronically holds, transmits or processes credit card information to comply with this scheme.