PCI Council Publishes E-commerce Tech Guide

— February 05, 2013

The PCI Security Standards Council (PCI SSC) has published the PCI DSS E-commerce Guidelines Information Supplement, a product of the E-commerce Security Special Interest Group (SIG). Solution providers can use this resource to educate their customers about how to best secure consumer payment data and support PCI DSS compliance efforts.
 
PCI Special Interest Groups (SIGs) are community-driven initiatives that provide additional guidance and clarifications or improvements to the PCI Standards and supporting programs.
 
In 2012, PCI Participating Organizations selected e-commerce security as a key area to address via the SIG process. More than 60 global organizations representing banks, merchants, security assessors and technology vendors collaborated to produce guidance that will help organizations better understand their responsibilities when it comes to PCI DSS; the risks they need to evaluate when considering e-commerce solutions; and how to determine their PCI DSS scope.
 
The PCI DSS E-commerce Guidelines Information Supplement provides an introduction to e-commerce security and guidance around the following primary areas and objectives:
 
E-commerce Overview – provides merchants and third parties with an explanation of typical e-commerce components and common implementations, and outlines high-level PCI DSS scoping guidance to be considered for each.
 
Common Vulnerabilities in E-commerce Environments – educates merchants on vulnerabilities often found in web applications (such as e-commerce shopping carts) so they can emphasize security when developing or choosing e-commerce software and services.
 
Recommendations – provides merchants with best practices to secure their e-commerce environments, as well as a list of recommended industry and PCI SSC resources to leverage in e-commerce security efforts.
 
The document also includes two appendices to address specific PCI DSS requirements and implementation scenarios:
 
PCI DSS Guidance for E-commerce Environments – provides high-level e-commerce guidance that corresponds to the main categories of PCI DSS requirements; includes a chart to help organizations identify and document which PCI DSS responsibilities are those of the merchant and which are the responsibility of any e-commerce payment processor.
 
Merchant and Third-Party PCI DSS Responsibilities – for outsourced or “hybrid” e-commerce environments, includes a sample checklist that merchants can use to identify which party is responsible for compliance and specify the details on the evidence of compliance.
 
The information supplement can be downloaded from the documents library on the PCI SSC website at www.pcisecuritystandards.org/security_standards/documents.php.
