Posted by websiteverification on March 31, 2009
You may have heard a lot about PCI compliance, and maybe you have taken all the steps you need to ensure that your business is PCI certified. But I have a question for you: are the websites you are shopping on PCI certified? This is important to you as an online shopper, because you want to make sure that your personal information, such as account numbers, is safe and secure. One way that you can be sure is if the website you are shopping on is PCI certified.
Just to review, being PCI certified means that the website is complying with all the requirements of the PCI DSS (which stands for Payment Card Industry Data Security Standards). These requirements include things such as building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, regularly monitoring and testing networks, and maintaining an information security policy. Also, the website should be carrying out quarterly or daily PCI vulnerability scans. These scans check the website on a quarterly or daily basis to make sure that there are no threats or vulnerabilities on the website that would allow customer information to be stolen by hackers and online thieves.
You may be wondering how you can tell if a website that you shop on is PCI certified. The easiest way to tell is by looking for trust seals posted on the website. Trust seals are small images that, when clicked, will confirm that the website has been verified and has conducted PCI scans. It is important to look for trust seals when shopping online, so that you aren’t entering your personal information on a site that is not safe from online theft.
So when you shop online, be careful. Do your homework and look for those trust seals that are up to date. You want to be sure that the site you are shopping on is verified by a third party and is following PCI compliance. Don’t let your personal information fall into the hands of the wrong person. Make sure that you are shopping on websites that are PCI certified.
Posted in pci compliance, website verification | Tagged: PCI certified, pci compliance, pci dss, pci scanning, pci security standard, website security, website verification
Posted by websiteverification on March 18, 2009
You may have heard the term “vulnerability assessment” but aren’t quite sure what it means. You are not alone. I ran into this term a few times in my research and wasn’t quite sure what to think, so I decided to find out what exactly a vulnerability assessment is, and how it relates to PCI compliance.
These days, the risk of threats on the internet has become increasingly worrisome. The growing sophistication of attacks that exploit vulnerabilities found in online networks and applications has made it crucial for businesses to assess their network on a regular basis. This is where a vulnerability assessment comes in. A vulnerability assessment works hand in hand with PCI scanning to accurately scan web applications, databases, networks, operating systems and other software to find threats and assess the risk to the business. In a nutshell, running these PCI scans (sometimes referred to as vulnerability scans) helps to reveal any areas in your network that are weak or prone to attack. Then you will be able to make any changes needed to your network to ensure that your business and customers are safe.
As with anything, it is important to realize that vulnerability scanning alone is not entirely fail-safe. As a business, you can combine vulnerability scanning with other means of website protection to ensure the security of your business and customers. Also, you should be aware that not all vulnerability or PCI scanners are the same, so you really should do some research and make sure that you are using an approved scanning vendor (aka ASV) that will do the best job for you.
A company that I have found to be very helpful in all my research is Trust Guard. They offer a lot of information on vulnerability assessments and vulnerability scanning. Check it out, and ensure that your business is protected.
Posted in pci compliance, website verification | Tagged: pci compliance, pci compliant, pci scanning, pci security standard, third party verification, vulnerability assesment, vulnerability scanning, website security, website verification
Posted by websiteverification on March 10, 2009
I have been talking about the PCI Security Standards a lot in my posts. I have gone into a lot of detail about what the PCI Security Standards are, but I thought it might be helpful to let you know where they come from. In doing all my research, one of my main sources has been the PCI Security Standards Council’s website (found at https://www.pcisecuritystandards.org/). They are kind of the main resource and enforcer of PCI compliance and PCI scanning. I thought it might be helpful to everyone to let you know a great place to find out more information about the PCI Security Standards.
The PCI Security Standards Council’s goal is to improve security for payment card accounts by bringing more education and awareness of the PCI Security Standards to merchants and businesses around the world. The PCI Security Standards Council was founded by the five major credit card companies: American Express, Discover, JCB International, MasterCard, and Visa.
To give you some idea of how the PCI Security Standards Council runs on a daily basis, I have included some information about the different areas of the council. The PCI Security Standards Council is headed by a policy-setting Executive Committee, consisting of representatives from the five founding payment brands. Operational decisions are made by a Management Committee, as well as from the payment brands. An Advisory Board, drawn from participating organizations, offers input to the organization and feedback on the progress of the PCI Data Security Standards. A Marketing Working Group, Technical Working Group, and a Legal Committee, whose participants are drawn from the payment brands, deal with their respective activities.
So if you are ready to make your business PCI compliant, reading about the PCI Security Standards Council is a great place to start. You can find a lot of useful resources and information on their site to help you know what you need to do.
Posted in pci compliance, website verification | Tagged: pci compliance, pci compliant, pci dss, pci scanning, pci security standard, pci security standards, trust guard, website security, website verification