Website Verification

Learn about how you can make your website secure and safe for your customers


Posts Tagged ‘pci data security standard’

What You Should Know About PCI Vulnerability Standards

Posted by websiteverification on June 29, 2010

The topic of the PCI Vulnerability Standards has been all over the web over the last few years. By now we all pretty much know that PCI compliance is an obligation for all merchants that accept credit cards. But all the talk about PCI has brought up numerous questions as well.  I put together a list of some frequently asked questions to help everyone with some answers.

What exactly are the PCI Vulnerability Standards? The PCI vulnerability standards, usually referred to as PCI DSS (PCI Data Security Standard), consist of 12 detailed requirements produced by the PCI council. The PCI council consists of the five major credit card companies. The standards were created to give businesses a unified way to keep their customers' private information safe and secure. They were put into place in September of 2006.

Do the PCI standards apply to all businesses? Any business that accepts, transmits, or stores credit card information must meet the specifications of PCI compliance, no matter its size. To put it more simply, if you accept credit cards at your place of business, then the PCI requirements must be followed.

What if we don’t accept credit cards, but we accept debit cards? PCI compliance still applies here. The PCI standards must be followed by any organization accepting credit, debit, or prepaid cards. Essentially, if you are accepting any kind of card branded with a logo from one of the five major credit card companies – American Express, Discover, JCB, MasterCard, or Visa – you must be in compliance.

Where is a complete list of the PCI Vulnerability Standards? Check out the website https://www.pcisecuritystandards.org.

How is PCI scanning related to PCI compliance? According to the PCI council, in order to sustain proper PCI compliance, your business should undergo daily or quarterly PCI scans of your systems. An ASV (approved scanning vendor) should scan your systems, including your website, office internet connections, and basically anything else that is connected to a public IP address.

What happens if I am not in compliance? Outrageous fines as high as $100,000 a month may be charged for violating PCI. This can be catastrophic, especially for small businesses, so do not take it lightly.

This article may or may not have answered all your PCI related questions. Above all, just remember that the PCI vulnerability standards must be followed, and if you still have questions, don’t hesitate to ask. There is a lot of information available, and PCI compliance is very important.

Posted in pci compliance, website verification

Complying with the PCI Data Security Standards is Too Hard and Too Expensive

Posted by websiteverification on July 22, 2009

We all know by now that PCI compliance is necessary, but that doesn’t mean it’s the easiest thing in the world to accomplish. Many businesses claim that complying with the PCI Data Security Standard is too hard and too expensive.

Understanding and executing the 12 PCI DSS requirements can seem intimidating, especially for small to medium sized businesses. However, these requirements were developed to help protect businesses from becoming victims of cardholder data theft. Even if there were no requirement for PCI compliance, the security practices found in these standards are steps that every business would want to take anyway to protect sensitive information. Most aspects of the PCI DSS are already common practice for businesses that want their sites secure, and there are many products and services available to help meet the requirements for security and PCI compliance.

When people say PCI is too hard, sometimes what they may really mean is that complying is expensive. But you should know that the business risks and ultimate costs of non-compliance can greatly exceed the cost of implementing PCI DSS.

Non-compliance can be very expensive, if not catastrophic. Non-compliance doesn’t just result in costs associated with fines, credit card replacement and audit fees, but also in loss of business reputation and revenue. In fact, a recent study stated that 70 percent of the cost of non-compliance was loss of revenue. This is not only a big deal for big companies that are criticized by the media; it may be truly disastrous for small businesses and may even put them out of business.

So, if you are one of those people who have ignored PCI compliance, know that it is not worth it. Complying with the PCI Data Security Standard is a must!

Posted in pci compliance, website verification