Feeds

Visa tightens rules for small sellers

You have 24 hours to comply

Beginner's guide to SSL certificates

From tomorrow small businesses that take credit card payments will be obliged to enrol in the credit card industry's Payment Card Industry Data Security Standard (PCI DSS) compliance programme.

From 1 July small and medium enterprises using electronic point of sale terminals and e-commerce systems need to reach basic compliance with an entry-level version of the standard or face higher merchant fees or, in extreme cases such as in the aftermath of security breaches, the withdrawal of merchant statuses.

Larger firms need to comply with the full versions of the PCI DSS standard by 30 September.

The latest (v1.2) objectives for PCI DSS compliance cover 12 requirements, written by the payment card industry, for the safe processing of credit and debit card transactions.

Requirements include a mandate to build a secure network and protect cardholder data. Compliance is achieved by self-assessment for mom and pop shops processing less than 20,000 e-commerce transactions a year and compulsory external audits for e-commerce heavyweights.

The PCI Security Standards Council website has a number of resources available to merchants and service providers, including a self-assessment questionnaire, which firms can use to understand how card security rules might affect them. "By using the range of self-help files and questionnaires on the PCI council's Web site, companies can save themselves a lot of expensive legwork in terms of pre-compliance procedures," said Jeff LoSapio, security practice manager for application security specialist Fortify.

"Through adoption of a best practice approach, companies can actually save themselves money in the longer term, and may even avoid the need to hire an expensive consultant who may not actually tell their board anything extra that their IT department doesn't know already," he added. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.