Recently news surfaced that one of our main competitors, EKM powershop, have had to dramatically change the way their software works as it was revealed during a PCI audit that some store owners had been storing sensitive credit card information within their store database and then not removing the data after it had been processed via an offline terminal.
Now for quite some time Visa and Mastercard have been pushing the regulatory standards behind PCI compliance for the simple reason it is there to protect cardholder data from fraud and misuse. In addition, it has been the case for a long while that storing the full card details including the CV2 code for longer than is necessary to complete the transaction was a practice to be avoided at all costs.
The net result of the EKM powershop audit was that their own proprietary gatway allowed store owners to obtain card details and then process the transaction offline through a terminal. They also advised customers to immediately delete card details after they had been processed.
Now there are two separate issues at play here…
Firstly the very fact that the software allowed card details to be stored in the first place is not a great practice to follow. EKM powershop are not alone in this scenario as there are a number of eCommerce software packages out there which allow store owners to do this. The crux of the matter is that the practice renders the software users in possible breach of PCI guidelines.
Secondly EKM powershop had to act swiftly to remove this gateway as it had transpired that certain customers were not removing card details after they had been processed. This is in breach of the PCI guidelines and these merchants were leaving themselves open to fines and possible withdrawal of their merchant service.
Personally I feel that the store owners have been cut a raw deal here. The fact that the software allowed them to store card information in the first place simply should not have been available as an option. Granted that the merchants were putting themselves in the firing line by not deleting the card details but software vendors such as EKM powershop and ourselves have a responsibility to their users that the software does the job required without raising possible security issues. There has obviously been a failure here…
For the record, our eCommerce software does not nor ever will store any kind of card information within its database or files. This is simply to protect the cardholder and the store owner from this type of situation. With all this in mind I am willing to make the following offer to any EKM powershop store owner affected by this issue.,..
If you are considering changing to an alternative software provider I am willing to offer a 20% discount on our license fees and design services plus import as much data as possible from your current EKM powershop store.
If anyone wishes to take up this offer I will need clear tangible evidence that you are an EKM powershop store owner. For more information or to claim the discount voucher, please contact us through our support help desk
I don’t normally do this with competitors but on this occasion I personally feel the situation is quite shocking and a lot of people have been let down for a variety of reasons hence the offer of support…
MD – Open Mind Commerce