WHITE PAPERFor example, Visa distinguishes four levels of merchants for PCI compliance purposes: Failure to certify compliance in timely fashion is not the only source of PCI Standard penalties. …Read more
PCI Update NewsletterIf you have any issues/complaints (or even praise) for the QSA you are using – please complete and submit the form. Reminder: MasterCard’s new requirements for Level 1 & 2 merchants. means that effective 31 December 2010, all “PCI DSS Compliance is not a destination, it’s a journey” …Read more
PCI Standards: PCI Standards: PCI Standards: PCI Standards …Impacting Compliance. 6. Q&A. Slide 3. 3. Identity Theft Complaints. Identity Theft Complaints in PCI Compliance? s Who in PCI Compliance? s Who in PCI Compliance? …Read more
PCI Regulatory Compliance ModelPCI Compliance regulation is a process developed for organizations that carry out credit Compliance Model to alleviate the potential risks involved in …Read more
What is PCI Regulatory Compliance? “PCI Data Security Standard (DSS) is a set of PCI Compliance regulation is a process developed for organizations that carry out credit …Read more
2010 Visa PIN Security Compliance Validation Training and …information security specialists responsible for ensuring compliance with the PCI PIN of the PCI PIN Security Requirements, providing internal and external assessors with …Read more
Why does the PCI remind me of my mother?holding them back, compliance is in the interests of the e PCI DSS compliance must be enforced anyway, re- gardless of these—legitimate—complaints
The Current State Of Online Security For Online Merchants
The Internet has made almost everything possible. One of the conveniences of today’s connected world is the ability to purchase just about anything online, no matter where the supplier may be. Yet, even as e-commerce applications become more and more advanced, there will always be vulnerabilities that cyber criminals could exploit.
The Internet Crime Complaint Center reports that it had 200,000 cyber crime complaints in 2006, amounting to about $194 million in monetary losses. The number of cases has risen to more than 275,000 cases by the end of 2008, representing a year on year increase of about 33%. The total monetary losses in 2008 from cyber crime were estimated to top $265 million.
Because of this, consumers have a right to be paranoid about where and how they give their personal information when they make their purchases online. Going back to the 2008 report by the Internet Crime Complaint Center, websites were used by 29% of cyber criminals to carry out their felonies.
For online merchants, not addressing this security concern is more likely to lead to potential losses from lost sales and real losses from remediation and fraudulent activities. Fortunately, there are organizations that help assure the public that an online merchant’s site is safe and secure.
One such organization is the PCI Security Standards Council, a global group that oversees the enhancement, development, promotion, storage, and dissemination of standards for security of accounts and data. The PCI SSC was put together by the world’s biggest credit card providers: Discover Financial Services, JCB International, MasterCard Worldwide, Visa, and American Express. Full compliance of PCI standards ensures that a Web merchant fully protects their customers’ account data, thereby increasing their customers’ confidence and limiting or avoiding their liabilities to financial loss.
One of the many ways to gain PCI Standards compliance is the use of a Web application firewall, a more focused firewall that inspects the data contained in an HTTP transmission. This makes it possible to block data from specified Web sites, viruses, Trojans, and other attempts to exploit vulnerabilities in an application. The beauty of this Web application is that it is fully customizable and configurable to block all data that an online merchant deems dangerous and unwanted, without notifying the sender of the data. This helps in preventing hackers from getting into a merchant’s system.
If your hosting company does not provide you with one, then look for another that does. Anybody running a website and dealing with customers should avail of the protection being provided by Web application firewalls. This is because technology evolves and changes constantly; leaving a lot of room for new vulnerabilities to arise. Even content management systems such as WordPress and Drupal are not exempted from this. A Web application firewall can easily give you — and your customers — the peace of mind of being fully secured.
