Feeds

Visa tightens rules for small sellers

You have 24 hours to comply

Top 5 reasons to deploy VMware with Tegile

From tomorrow small businesses that take credit card payments will be obliged to enrol in the credit card industry's Payment Card Industry Data Security Standard (PCI DSS) compliance programme.

From 1 July small and medium enterprises using electronic point of sale terminals and e-commerce systems need to reach basic compliance with an entry-level version of the standard or face higher merchant fees or, in extreme cases such as in the aftermath of security breaches, the withdrawal of merchant statuses.

Larger firms need to comply with the full versions of the PCI DSS standard by 30 September.

The latest (v1.2) objectives for PCI DSS compliance cover 12 requirements, written by the payment card industry, for the safe processing of credit and debit card transactions.

Requirements include a mandate to build a secure network and protect cardholder data. Compliance is achieved by self-assessment for mom and pop shops processing less than 20,000 e-commerce transactions a year and compulsory external audits for e-commerce heavyweights.

The PCI Security Standards Council website has a number of resources available to merchants and service providers, including a self-assessment questionnaire, which firms can use to understand how card security rules might affect them. "By using the range of self-help files and questionnaires on the PCI council's Web site, companies can save themselves a lot of expensive legwork in terms of pre-compliance procedures," said Jeff LoSapio, security practice manager for application security specialist Fortify.

"Through adoption of a best practice approach, companies can actually save themselves money in the longer term, and may even avoid the need to hire an expensive consultant who may not actually tell their board anything extra that their IT department doesn't know already," he added. ®

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.