Protecting customer credit card data and then telling customers that you’re doing so should be a top priority for online retailers this year.
First, protecting your customers’ data is an ethical responsibility. If you’re selling products online and accepting credit card data, you should keep that data safe.
Second, you’ve agreed to do it. If you have a merchant account, read the fine print. As a merchant that accepts credit cards, you agreed to protect customer card information and comply with the Payment Card Industry’s (PCI) standards. You are contractually on the hook.
What’s more, when you do take steps to protect shoppers, you can tell them that in your onsite marketing, outbound promotion, or blog. Letting potential customers know that you’ve gone out of your way to protect their credit card data will help to build trust and boost sales.
So how do you do it? How do you keep customer card data secure? How do you meet PCI requirements?
One way is to work with trusted third parties that reduce your scope (responsibility) and ensure that card data is managed well. One such provider is CRE Secure. The company’s PCI-certified hosted checkout puts a premium on visual continuity and security, earning it four out of a possible five stars in this, “The PEC Review.”
“The PEC Review” is my weekly column to introduce you to the products or services I believe can help you improve your ecommerce operation. This week, meet CRE Secure.
What CRE Secure Does
For most pure-play online retailers, CRE Secure is an all-in-one PCI solution that both ensures your customers’ data is safe and helps you meet all of your PCI compliance requirements.
Functionally, when shoppers visit a store equipped with CRE Secure, they shop as normal, loading items into the store’s shopping cart or bag. When they are ready to make a purchase they click “checkout” and are redirected to a PCI compliant, secure hosting environment at CRE Secure’s data center.
Quite literally, the shoppers have left the store they were on and have been redirected to CRE Secure.
Visually, almost nothing will have changed. CRE Secure goes out of its way (except in one area) to match a merchant’s site exactly. The retailer can even create a custom sub-domain so that the store’s name appears in the address bar.
Once the transaction is complete, an approval code is passed to the merchant’s ecommerce platform, and the shopper is seamlessly redirected back to the retailer’s site. Because the transaction took place on CRE Secure’s web servers, the merchant is not responsible for further PCI compliance and gets to market that it uses a PCI DSS certified checkout solution.
Even a multi-channel retailer can benefit, since CRE Secure takes all online transactions out of scope as far as PCI compliance is concerned. And since CRE Secure can be integrated into desktop or server-based applications, merchants with call centers can effectively limit scope to just an operator’s terminal, rather than having to certify an entire network.
One of the complaints about any kind of hosted checkout is that it doesn’t resemble the merchant’s website and that merchant loses control over the page content.
CRE Secure goes out of its way to imitate (clone is not too strong of a word) the merchant’s site, bringing in site navigation, graphics, sidebars, you name it. In fact, every example I saw was essentially identical to the retailer’s site in appearance.
Price and Value
CRE Secure starts at $10 per month and 15 cents per transaction with a $20 setup fee. But this offering only allows for a meager 25 transactions per month, which means it is too limited for a serious merchant.
CRE Secure Pro, which runs $20 per month and 10 cents per transaction, gets you a little further with up to 250 monthly orders.
Busier merchants should contact CRE Secure directly to get price quotes. They could expect to pay $90 per month with no per transaction fees for 1,000 transactions; $170 per month for 2,000 transactions; or around $400 per month for 5,000 monthly transactions. Setup fees of $100 or more will apply, but integration should be more complete.
Compared to certifying an in-house network or using a secure host (shared hosting is almost never secure enough to meet PCI standards), CRE Secure is cost effective.
The company offers a secure and well-done application programming interface (API) so that nearly any retailer can enable the service.
Merchants using Magento, osCommerce, Zen Cart, XCart, or CRE Loaded (CRE Secure’s companion ecommerce platform) have near push-button integration that requires little technical skill.
CRE Secure is a compelling solution that can effectively solve all of an online merchant’s PCI concerns. The company does an exceptional job of cloning a merchant’s website to ensure visual continuity. And if a merchant is using a shared hosting environment, CRE Secure might just be the one of the best choices for meeting PCI requirements.