Retailers face fines for unsafe online trading
Wednesday 5th September 2007, 12:00AM BST.
GROWING concerns over the safety of internet trading, fraud and identity theft have been met by new security standards. But Guernsey companies have been warned they could face heavy penalties for non-compliance if they don’t understand them.
The Payment Card Industry Data Security Standard is currently being introduced globally by Visa and Mastercard and it will soon be a requirement for all retailers to be PCI-compliant.
It came out of a recent House of Lords Science and Technology Committee report.
The corresponding Get Safe Online government study found that 21% of respondents felt most at risk from net crime, while only 16% worried most about being burgled.
The report calls on the UK Government to do more to protect internet users from the threat of e-crime.
But Mark Stewart, sales director of Channel Island IT security specialist Evolution Systems, said there were already measures in place of which the public might not be aware.
The company has recently presented proposals to the States of Jersey on a system that could ensure better protection for Channel Island residents.
‘There are solutions to these problems and ways in which businesses can reduce the risk associated with internet trading and further steps that companies can take to ensure full compliance,’ he said.
Mr Stewart, whose company is an accredited auditor for PCI-DSS, said its introduction would make online and offline trading safer for consumers and vendors.
‘Large level merchants, payment processors, acquirers and related financial entities must now comply with the standard or face heavy fines and disruption to their business,’ he said.
‘Penalties are being levied for security incidents and non-compliance and these fines can be ongoing until compliance is achieved. Examples of recent and high-profile breaches of security can have a serious impact on a company’s reputation and customer confidence.’
Mr Stewart believes there is a considerable amount of confusion in the local marketplace due to a lack of knowledge about gaining compliance.
‘With PCI-DSS demanding in excess of 170 individual testing points and even small changes in IT infrastructure potentially causing a company to fall into non-compliance, the efforts to attain it have appeared daunting,’ he said.
However, companies such as Evolution Systems provide an audit process to ensure maximum security and to help businesses avoid the pitfalls.