Feeds

Visa tightens rules for small sellers

You have 24 hours to comply

Build a business case: developing custom apps

From tomorrow small businesses that take credit card payments will be obliged to enrol in the credit card industry's Payment Card Industry Data Security Standard (PCI DSS) compliance programme.

From 1 July small and medium enterprises using electronic point of sale terminals and e-commerce systems need to reach basic compliance with an entry-level version of the standard or face higher merchant fees or, in extreme cases such as in the aftermath of security breaches, the withdrawal of merchant statuses.

Larger firms need to comply with the full versions of the PCI DSS standard by 30 September.

The latest (v1.2) objectives for PCI DSS compliance cover 12 requirements, written by the payment card industry, for the safe processing of credit and debit card transactions.

Requirements include a mandate to build a secure network and protect cardholder data. Compliance is achieved by self-assessment for mom and pop shops processing less than 20,000 e-commerce transactions a year and compulsory external audits for e-commerce heavyweights.

The PCI Security Standards Council website has a number of resources available to merchants and service providers, including a self-assessment questionnaire, which firms can use to understand how card security rules might affect them. "By using the range of self-help files and questionnaires on the PCI council's Web site, companies can save themselves a lot of expensive legwork in terms of pre-compliance procedures," said Jeff LoSapio, security practice manager for application security specialist Fortify.

"Through adoption of a best practice approach, companies can actually save themselves money in the longer term, and may even avoid the need to hire an expensive consultant who may not actually tell their board anything extra that their IT department doesn't know already," he added. ®

Build a business case: developing custom apps

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Chips are down at Broadcom: Thousands of workers laid off
Cellphone baseband device biz shuttered
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.