All PCI compliance security standards affect e-commerce sites that gather credit/debit card information, but five of the six categories from the Data Security Standard also affect non-e-commerce sites. In other words, when it comes to PCI compliance, everyone who owns or operates a website should pay attention.
Build and Maintain a Secure Network
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
All e-commerce businesses that accept payment cards are required to do two things: quarterly PCI scanning of all external-facing IP addresses, and a Report on Compliance or Self-Assessment Questionnaire concerning PCI SSC compliance and the PCI DSS.
PCI Scanning (also known as PCI Security Scanning or Vulnerability Scanning) involves having a PCI Approved Scanning Vendor (ASV) scan each public e-commerce IP address. Note that if customers are transferred during checkout to a third-party shopping cart hosted by your shopping cart provider, then those IP addresses are in scope and should be scanned as well.
Tuesday, December 29, 2009
All Websites Should Follow the PCI Data Security Standard