The Tangled Web of PCI Compliance, Are You Ready? By Richard Adhikari
May 9, 2008
Fear and loathing will dominate when Best Practice 6.6 of the PCI Data Security Standard becomes a requirement June 30.
The regulation requires that merchants dealing with debit and credit cards tighten up their security by both conducting application code reviews and installing Web application firewalls.
It was put forth by the PCI Security Standards Council, which issues, maintains and enforces the PCI security standards governing payment account data, to which all corporations that handle payment cards must adhere.
However, while stating that "proper implementation of both options would provide the best multi-layered defense", the Council says, in essence, that some merchants won't be able to implement both. The solution: select the best option for their needs. This is leading to compliance problems.
"We're addressing the problem in two ways," said Bob Russo, general manager of the PCI Security Standards Council. "If you have custom application code, it needs to be reviewed for common vulnerabilities, either by yourself or by a company that does application code reviews by a standard like OWASP." The Open Web Application Security Project, OWASP, is a worldwide free and open community focused on improving the security of application software; its materials are available under an open source license.
For off-the-shelf software, "installing an application layer firewall in front of a Web facing app will work as well," Russo explained. "You need security in the application itself if you can do it but that's not necessarily the way you need to look at this; either way will suffice."
In essence, it's going to have to be a business decision. And which option merchants choose depends on how much money they have.
Bigger merchants have more budget and can afford to do both; but when you get into Level 4 merchants, which Visa describes as "any merchant processing fewer than 20,000 Visa e-commerce transactions per year," margins tend to be thin. (By contrast, Level 1 merchants have more than 6 million transactions a year.) Level 4 merchants "don't have lots of staff," said Ryan Barnett, director of application security at Breach Security and an instructor at the training-focused SANS Institute. "They're forced to choose between the two options."