Digital Doomsday


Picture this, if you can endure it, for a short moment. Customers have lost confidence in your business, and sales have fallen. The business faces legal costs, fines and penalties. Jobs are lost, and then, without the finances or the reputation to recover, you go out of business altogether.


Cyber Crime

As the National Cyber Security Centre reports, ‘businesses across the UK are being targeted by cyber criminals every day and the scale and size of the threat is growing, which risks damaging profits and customer confidence.’ [1] Recently reported attacks demonstrate the scale and scope of cybercrime. Consider the targeting of Parliament’s email system in an attempt to access the accounts of MPs, the ransomware incident at University College London, and the global WannaCry ransomware attack that crippled NHS services.

Success in minimising the effects of an attack depends largely on the preventative measures put in place before the attack happens. [2] The National Cyber Security Centre advises on areas that businesses can focus on to improve their cyber security, such as providing ‘guidance on acceptably strong passwords, formal policies on managing cyber security risk, cyber security training and planning for an attack with a cyber-security incident management plan’. [3] Plan strategically for the worst-case scenario, and align data processes and their management with the latest compliance standards.


Duty of Care

The biggest exposure to a cyber-attack facing UK retailers stems from their online transactions. Aligning infrastructure, policies and procedures with the latest compliance standards for card payments significantly reduces the risk of a breach. The PCI Security Standards Council states that ‘the best way to maximise security of cardholder data is to continuously monitor and enforce the use of controls specified in the PCI Data Security Standard.’ [4]


The Challenge

PCI compliance is a challenge for retailers, who must work through the myriad requirements of the standard. Yet there is a duty of care to protect customer data, as Bob Russo, general manager at PCI SSC, comments: ‘everyone involved in the payment process has a duty to customers to protect their data to the highest standards’. [5] The most reliable way to ensure that cardholder data is protected to a recognised standard is to meet the requirements of the PCI Data Security Standard.

This is achieved by engaging a Qualified Security Assessor (QSA), an assessor qualified by the PCI Security Standards Council to perform on-site PCI DSS assessments. When the required controls are shown to be in place, the QSA completes an Attestation of Compliance (AoC). The AoC declares a business’s compliance status with the Payment Card Industry Data Security Standard (PCI DSS) as at the time of the assessment, giving the business and its customers assurance that card payment information is handled in line with the standard. Compliance is not a one-off exercise: the controls must be maintained continuously and re-validated every year for the assurance to hold.


Online Exposure

The secure management of card payments, and compliance with the major standards, is crucial in an increasingly digital economy. eCommerce is consistently driving retail sales forward: UK online sales reached £60.43 billion in 2016 [6], and 77% of adults bought goods or services online in the last 12 months [7]. The importance of card payment security will not diminish, and newer channels such as mobile payments present retailers with a growing security challenge.

Online exposure is not unique to retailers; it is something virtually all UK businesses encounter [8] by using online services in some form, whether that is having a website, an email address or a social media page, holding customer data electronically, or offering the facility to order, book or pay online. Any online presence exposes a business to cyber security risks. Yet despite these risks, only 58% of businesses have sought information, advice or guidance on the cyber security threats facing their organisation over the past year. [9]

With nearly half of all UK businesses having suffered a cyber breach or attack in the past 12 months [10], compliance with the latest security standards is essential. The consequences of a breach or attack are profound; a business cannot overlook security if it wants to stay safe and secure.


PCI Confidence

Adherence to the PCI standards gives assurance of data security, covering card data from the moment it is captured and through every system it flows into. Protecting cardholder data is the direct result of PCI compliance, but compliance is also an important step in preparing for the approaching enforcement of the General Data Protection Regulation (GDPR). An Attestation of Compliance covers aspects that GDPR also demands, such as the security of processing (Article 32). Note that PCI DSS applies only to cardholder data, whereas GDPR applies to all personal data a business holds, so an AoC supports a GDPR programme but does not replace one. When it comes into effect, GDPR will be legislation that businesses cannot ignore. Taking a proactive approach to card payment protection now is a positive step towards being ready for it.


At Maginus, we have already undertaken rigorous testing with a QSA and have been awarded an Attestation of Compliance. Our customers can be assured that their data is under rigorous protection. IRM were chosen as Maginus’ QSA, and the assessor commented that ‘Maginus sailed through the audit due to their readiness for the assessment and their dedication to the overall objective; they had prepared prior to the audit and were fully engaged throughout the whole process. Maginus have security at the forefront of all their activities, which was great to see.’

Maginus’ customers can be confident in the knowledge that their data is hosted and protected by Maginus to the latest compliance standards.