Website Verification

Learn about how you can make your website secure and safe for your customers

  • Website Verification Poll

  • Mybloglog

    Join My Community at MyBloglog!
  • Check out my website verification online magazine:

  • Add my blog to:

    Add to Technorati Favorites

Archive for June, 2009

Identity Theft Can Be Avoided With Vulnerability Assessments

Posted by websiteverification on June 26, 2009

It has been said that identity theft is the largest white collar crime ever in the United States.  As a website owner, you may wonder what you can do to protect your clients.  I am here to recommend that you should definitely have vulnerability assessments done on your website.  A vulnerability assessment is defined as the process of identifying, quantifying and prioritizing the vulnerabilities in a system.  You may have also heard of vulnerability scanning or pci scanning, it is really all basically the same thing.  And it is one of the best ways that you, as an online business owner, can protect the information of your customers.

Criminal identity theft occurs when a thieve gives another person’s name and personal information such as a drivers’ license, date of birth, or Social Security number (SSN) to obtain a job, housing, money, goods, or other services. It’s been reported by the Federal Trade Commission that in the last twelve months 9.93 million people have had some type of identity theft crime committed against them. Victims spend on average $1,200 in out-of-pocket expenses and an average of 175 hours in time and effort to resolve the many problems caused by identity thieves. The scary thing is that it takes a victim on average 12 months before they even realize they have been victimized!

So how can vulnerability assessments help? Having vulnerability scanning conducted by an approved scanning vendor yearly or even quarterly can protect your site and help keep you compliant with the PCI DSS (Payment Card Industry Data Security Standards). Merchants that accept, process or store credit card information on their site, must have the scanning conducted.  Once passing the scan they will receive the official certification that they need to submit to their acquiring bank.  You can be sure that you will avoid penalties and heavy fines, if you are conducting these scans and staying compliant.

It has been proven that merchants who are pci compliant see online orders increase. Why? Because shoppers are more confident in using their credit cards online when they know that the sites they are shopping on are more protected from the risk of identity theft.

Some areas that are tested during a vulnerability assessment are firewalls, server vulnerabilities, virtual private networking (VPN), email configuration, remote access services, web site analysis, modems, and more.

So if you own an online business, don’t take any risks.  Keep your site compliant and safe from identity thieves for the protection of your business and your customers. Start vulnerability assessments now.

Posted in pci compliance, website verification | Tagged: , , , , , , , | 1 Comment »

The PCI Standards SAQ

Posted by websiteverification on June 1, 2009

While doing my research into the PCI standards I have come across a term quite often; SAQ.  The acronym stands for Self Assessment Questionnaire. The PCI standards Self Assessment Questionnaire is a tool used to assist merchants and service providers in self-evaluating their PCI compliance.

There are five different versions of the PCI standards SAQ in order to meet various scenarios.  The version that your organization will need to complete depends on how your company handles credit card data. For some businesses, the appropriate questionnaire is short and simple, while for others it is long and technical.  But each questionnaire is divided into six sections that focus on a specific are of security. These are:

  1. Maintain a secure network.
  2. Protect cardholder data.
  3. Maintain a vulnerability management program.
  4. Implement strong access control measures.
  5. Regularly monitor and test networks.
  6. Maintain and information security policy.

While completing the SAQ, merchants have to pass each question in order to be considered compliant with the PCI standards. Failing any question means the merchant or service provider is not compliant. The risk(s) identified by the questionnaire must be remedied and the questionnaire retaken.

The SAQ may seem somewhat complicated, but there are many businesses and websites out there that can help you complete it.  Also, depending on your merchant level, the SAQ may not be enough.  You may need to have an onsite audit completed to certify your PCI compliance.  The best thing to do if you are unsure is to check with your acquirer.

Posted in pci compliance, website verification | Tagged: , , , , , | Leave a Comment »