There are few things more important for ecommerce sites than being PCI DSS compliant. The problem is that many companies doing business on the Internet are not aware of what being compliant means. PCI DSS stands for Payment Card Industry (PCI) Data Security Standard (DSS). It was developed by major credit card companies as a guideline to help companies and organizations that process card payments prevent credit card fraud, hacking and various other security infringements.
If a company processing, storing or transmitting credit card numbers is not PCI DSS compliant, it risks losing the ability to process these payments. Noncompliant firms potentially face fines of up to $500,000 per incident. Even if a company has made strides toward compliance, the job is never quite finished. Merchants and service providers must regularly validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) company.
Ecommerce firms are left in a bit of a quandary, as they must find products or technologies that can help them meet the standard's requirements. This is made more difficult by the fact that no product is PCI compliant; compliance is met by members, merchants or service providers, not by products. There is no single product, service or technology that can address all aspects of the standard, leaving the affected parties to search for a variety of tools to create a solution.
When evaluating solutions to comply with the standard, organizations should consider two key criteria: first, whether the product can help achieve compliance with the standard, and second, whether the product itself is secure and addresses the relevant aspects of the PCI DSS. The technical language of this subject can intimidate marketers and business operators and drive them away from the problem rather than attacking it head on. But it is imperative that you check the end of this article to see which service providers can help. Without question, getting started on this problem sooner rather than later is recommended.
Marketers need to educate themselves about the problem before beginning discussions with service vendors. Talk to your IT team and find out their views. Go over what is known about the problem. Even though the dilemma is complicated, the PCI DSS standard can be summarized in 12 requirements:
- Install and maintain a firewall.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored data.
- Encrypt transmission of cardholder data and sensitive information across public networks.
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
- Restrict access to data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
For additional general information:
PCI Security Standards Council, LLC
401 Edgewater Place, Suite 600
Wakefield, MA 01880
Vendors to contact for more info:
OPNET Technologies, Inc.
7255 Woodmont Avenue
Bethesda, MD 20814
Ecora Software Corp.
2 International Drive
Portsmouth, NH 03801
Entire contents ©2016, Sumner Communications, Inc. (203) 748-2050. All rights reserved.