PCI Compliance Confusion
Confusion looms for many online and offline merchants when Best Practice 6.6 of the PCI Data Security Standard becomes a requirement on June 30th.
The regulation requires that merchants dealing with debit and credit cards tighten up their security by both conducting application code reviews and installing Web application firewalls.
It was put forth by the PCI Security Standards Council, which issues, maintains and enforces the PCI security standards governing payment account data security. All corporations that deal with payment cards must adhere to these standards.
However, while stating that "proper implementation of both options would provide the best multi-layered defense", the Council says, in essence, that some merchants won't be able to implement both. The solution: select the best option for their needs. This is leading to compliance problems.
What does this mean for you? Small to medium enterprises invariably do not have the capital budget for a huge spend on firewalls and web code rewrites. Many companies will have to perform a self-audit and review their internal processes for dealing with credit card details.
For many, the simplest way to deal with this issue is not to process card details at all, handing that task over to a third party, e.g. a Payment Service Provider like PROTX or Secure Trading. These companies are PCI compliant and take the burden away from the merchants.
Read this story: http://www.internetnews.com/ec-news/article.php/3744581/The+Tangled+Web+of+PCI+Compliance.htm for more information.