www.ecommerce-guide.com/news/news/article.php/3749206

Five Easy Steps to PCI Compliance for Small Online Businesses
By Kerry Watson
May 29, 2008

STEP 3. Make a Decision.

If the list of vulnerabilities from your store's free scan is too long, too overwhelming, or too technical, you may want to consider switching to an off-site, third-party credit card processor.

For example, if, like many Web hosts, your host is not yet PCI compliant, your choices are to move your online store to a Web host that is PCI compliant, or to switch to an off-site, third-party credit card processor that meets the standards. If all of the findings in your scan refer to Apache, OpenSSH, or other unfamiliar server programs, these are Web hosting issues not under your direct control. Contact your Web host to ask whether they are working to achieve PCI compliant status.

Likewise, if you must access the Internet via an unsecured wireless network and cannot secure it, switching to a third-party credit card processor will resolve your PCI compliance status, but of course your personal network and your personal data will remain vulnerable.

STEP 4. Hire a Techie.

If your list of vulnerabilities is long or you don't have a technical bone in your body, you may want to hire a Qualified Security Assessor or "QSA" to help you address your list of vulnerabilities. These are technical folks who are certified by the PCI Security Standards Council to help merchants like you achieve compliance. When contacting these folks, use all security precautions to be sure you are contacting the real QSA and not a very similar spoofed or phishing Web site.

Your QSA will help you to tighten security on the most critical items, and help you to develop a plan to achieve compliance on the rest.

STEP 5. Continue to Address Security.

Whether you move credit card processing off-site, or you bite the bullet and go for full on-site processing, never stop addressing online security. The PCI Standards organization has developed and made available to you a security protocol that would have cost you thousands of dollars for a private security specialist to custom develop for you. Take advantage of this opportunity to prevent security breaches to your own priceless data, as well as your customers' financial data.

Here is a summary of security areas for you to review regularly:

• Immediately change default passwords when installing any program;
• Have vulnerable portions of programs removed if not needed;
• Do not store unnecessary cardholder data on your site;
• Check security bulletins for SQL Injection warnings before installing a new program;
• Keep software up to date with all patches and upgrades;
• Use activity logging on your online store files;
• Check log files for suspicious activity that you did not authorize;
• Do regular vulnerability scans, even if you are not required;
• Use a firewall and secure encryption;
• Use and keep up to date anti-virus, anti-spyware and anti-adware programs;
• Create an Information Security Policy for employees and contractors; and
• Shred paper documents containing credit card information.

Additional Resources for Small Online Merchants:

KNOW PCI: a portal with many resources for small online merchants including a panel of PCI experts, best practices, a knowledgebase and forums — http://www.knowpci.com/

PCI Questionnaires and Instructions: the PCI organization's forms — https://www.pcisecuritystandards.org/tech/instructions.htm

PCI Qualified Security Assessors: check this list on a regular basis to ensure that your QSA has successfully maintained its status as a Qualified Security Assessor — https://www.pcisecuritystandards.org/resources/qualified_security_assessors.htm

PCI Approved Scanning Vendors: check this list on a regular basis to ensure that your ASV has successfully maintained its status as an Approved Scanning Vendor — https://www.pcisecuritystandards.org/resources/approved_scanning_vendors.htm

Kerry Watson is a consultant and author of 11 books in the OSC industry, including the new Manual for Magento Users. Her Web site is osCommerceManuals.com.
