Welcome, Guest |   Sign In   |   Register  
 
Print Email Page RSS Feeds

Posted Date: 2/5/2013

PCI Council Publishes E-commerce Tech Guide

The PCI Security Standards Council (PCI SSC), has published the PCI DSS E-commerce Guidelines Information Supplement, a product of the E-commerce Security Special Interest Group (SIG). Solution providers can use this resource to educate their customers about how to best secure consumer payment data and suppport PCI DSS compliance efforts.
 
PCI Special Interest Groups (SIGs) are community-driven initiatives that provide additional guidance and clarifications or improvements to the PCI Standards and supporting programs.
 
In 2012, PCI Participating Organizations selected e-commerce security as a key area to address via the SIG process. More than 60 global organizations representing banks, merchants, security assessors and technology vendors collaborated to produce  guidance that will help organizations better understand their responsibilities when it comes to PCI DSS;  the risks they need to evaluate when considering ecommerce solutions; and how to determine their PCI DSS scope.
 
The PCI DSS E-commerce Guidelines Information Supplement provides an introduction to e-commerce security and guidance around the following primary areas and objectives:
 
E-commerce Overview – provides merchants and third parties with explanation of typical e-commerce components and common implementations and outlines high-level PCI DSS scoping guidance to be considered for each.
 
Common Vulnerabilities in E-commerce Environments – educates merchants on vulnerabilities often found in web applications (such as e-commerce shopping carts) so they can emphasize security when developing or choosing e-commerce software and services.
 
Recommendations - provides merchants with best practices to secure their e-commerce environments, as well as list of recommended industry and PCI SSC resources to leverage in e-commerce security efforts.
 
The document also includes two appendices to address specific PCI DSS requirements and implementation scenarios:
 
PCI DSS Guidance for E-commerce Environments – provides high-level e-commerce guidance that corresponds to the main categories of PCI DSS requirements; includes chart to help organizations identify and document which PCI DSS responsibilities are those of the merchant and which are the responsibility of any e-commerce payment processor.
 
Merchant and Third-Party PCI DSS Responsibilities – for outsourced or “hybrid” e-commerce environments, includes sample checklist that merchants can use to identify which party is responsible for compliance and specify the details on the evidence of compliance.
 
The information supplement can be downloaded from the documents library on the PCI SSC website at www.pcisecuritystandards.org/security_standards/documents.php.

Rate this Content (5 Being the Best)
12345
Current rating: 0 (0 ratings)
 


New Managed Services Driving Mobile Solutions New Managed Services Driving Mobile Solutions
VSR and AVG examine how BYOD services and Mobile Device Management tools can be used to secure mobile product offerings, boost revenue for solution providers and alleviate the headaches end-users face when investing and implementing new mobile technology.
Download Now

Hospitality Technology Handbook 2014 Hospitality Technology Handbook 2014
Hospitality technology resellers face a market that is constantly in a state of flux with customers whose businesses can rise and fall in an instant. VSR speaks to HT leaders to find out how VARs can succeed in this exciting and challenging market.
Download Now



All materials on this site Copyright Edgell Communications. All rights reserved.