ShopVisible: Blog Comments
 
ECommerce Blog By ShopVisible SUBSCRIBE
Include comments
TAG CLOUD
404 Error A B testing abandoned carts abandonment rates Alexa amazon analytics Atlanta eCommerce Atlanta Piano vendors Atlanta SEO authenteak auto dealer Auto Leasing auto-complete Automotive ecommerce Bambeco baseball caps baseball hats blackberry cases brand awareness online brick and mortar retailers bugs Car Dealers Car Dealerships cars miami Case Mate case-mate CCart of the Week CDE cell phone cases channel integraion classic cars florida classic cars miami CMS Cnet content management controlScan cookies coupon Coupons craigslist creativity Credibility customer reviews cyber security d terrell David Taylor Dealerships design domain donell DonL ECommerce ecommerce platform Ecommerce solution google Internet Retailer PCI SEO ShopBags shopvisible ted vernon URL
 
RECENT POSTS
USA Today Takes Notice of ShopVisible's Facebook Application
  Comments: 0
  Rating: 0 / 0
Retailers: 50% Off Two Main Days at Etail West Courtesy of ShopVisible
  Comments: 0
  Rating: 0 / 0
ShopVisible Powers Internet Retailer's Hot 100
  Comments: 0
  Rating: 0 / 0
ShopVisible Launches PayLessDecor.com
  Comments: 0
  Rating: 0 / 0
PCI/Security Expert David Taylor Passes Away
  Comments: 0
  Rating: 0 / 0
ShopBags.com Featured in Chain Store Age Magazine
  Comments: 0
  Rating: 0 / 0
ShopVisible and Payless Décor Featured on InternetRetailer.com
  Comments: 0
  Rating: 0 / 0
Ecommerce Security: PCI, Risk and Cost
  Comments: 0
  Rating: 0 / 0
SaaS-based CyberSecurity: Ecommerce and PCI Options
  Comments: 0
  Rating: 0 / 0
SEO Awesomeness: RightSize Online
  Comments: 0
  Rating: 0 / 0
 
RECENT COMMENTS
No Comments Available
 
ARCHIVES
2010
 February (1)
 January (1)
 
2009
 December (1)
 November (3)
 October (4)
 September (6)
 August (7)
 July (7)
 June (3)
 May (5)
 April (3)
 March (2)
 February (2)
 January (3)
 
 
AUTHORS
BC (2)
Bharat C (2)
DannieB (34)
e-commerce info (1)
E-Commerce Information (1)
Emma G (1)
jvm (20)
Nithya (1)
SEO Information (1)
The Frog (4)
Webster J Frogg (10)
 
CATEGORIES
 
BLOG ROLL
Feed Growth!
 
 


  Comments(0)
Ecommerce Security: PCI, Risk and Cost
Posted By jvm
10/26/2009 8:45:00 AM

PCI standards evolve but they do so often at a more languid pace than does the technology itself. Toss in economic considerations and you've got a real Ecommerce conundrum...

Recent literature published in the PCI Knowledge-base examines security and compliance migrations, cost reductions, and virtualization in recessionary times. Ecommerce solution provider ShopVisible offers up insights into its own PCI assessment process while trying to stay on top of recent Ecommerce security news in order to provide its clients and readers a glimpse into the rapidly blossoming arena of Ecommerce payment protection.

For many online merchants, or at least those wrestling with PCI and security measures to protect the CDE or cardholder data environment, the strident 12 requirements of PCI coupled with serious security budgets and IT infrastructure has created headaches and handicapped wallets...especially now. For many, as evidenced in the PCI Knowledge-base's expert’s blog, the arduous compliance process has become tarnished by a "checklist mentality and ineffective implementation and enforcement." It can be argued as a best practice in Ecommerce, or at least in an effort to pass compliance levels, that reducing risk and documenting to assessors that effective controls are in place exudes risk management policy, and thereby can help cut costs during the implementation.

PCI security experts have been discussing sophisticated elements of online commerce and their relation to development of both policy and technology. For instance, with regards to network segmentation and scope, the PCI Knowledge-base notes that “network segmentation is still not a requirement, for some reason, but it’s the single action that will save you the most money in the assessment.” In the PCI 1.2 version, segmentation is discussed and noted as being adequate along with the appropriate network diagrams if in place. One solution available to many merchants with the right budget is a variation of a network monitoring tool. These can “tell you, continuously, of attempts to access specific network resources.” They can in doing so show the assessor the positive impact of your network segmentation policy and thereby quantify risk and help cut back on PCI compliance costs.

Store sampling is another facet of the compliance process and in PCI 1.2, “the goal of the sampling process is to understand the risks posed by stores, since many security breaches originate there…” one here must show the assessor that store policy is commensurate with Ecommerce provider policy and high levels of consistency are maintained constantly again helping to reduce risk and cut costs. Again, automated tools can benefit providers here in an attempt to cut time and costs resources associated with manual configuration management. The PCI Knowledge-base notes that “the ability to place server configuration under change control is valuable for both PCI requirement 2, as well as requirement 10.” Automated tools will often justify a smaller sample size thus again reducing assessment fees.

The latest post from the PCI Knowledge-base also delves into discussion of compensating controls in the Ecommerce eco-system and states that “while compensating controls are too often used as a PCI cost cutting technique by merchants, they are really the heart and soul of risk management relative to PCI…a weak process for documenting and quantifying risk usually shows up in poorly defined compensating controls, which can cause compliance failure and additional assessment and technology costs.”

Basically, PCI compliance is an arduous process for any company regardless of organizational complexity, IT infrastructure and budget size. Above are just a few methods to try and cut back costs. When selecting an Ecommerce provider, it helps to do your due diligence and “in PCI 1.2, there is specific mention of the need to prove due diligence as to risk ‘prior to engaging’ service provider, and need to prove ongoing ‘monitoring’ of compliance status.” Keep monitoring policies up to date and maintain a vigilant stance with regards to data centers. Just because you’re PCI compliant does not mean that a hardened data center will mandate policy to keep you compliant. Prove to your data center, your assessor and to your clients that you care about risk. Show them PCI is an ongoing process and one dedicated to secure online transactions. The more safely your merchants sell, the more they will appreciate all your hard work!

ShopVisible is an Ecommerce solution provider intent on security, integration and SEO.

 

Currently rated 0 by 0 people

Tags: ShopVisible, PCI, Ecommerce solution, Ecommerce security, PCI Knowledge-base
Categories: SEO, RSS, User Generated Content
 
SUBSCRIBE:     Email      RSS  

Comments
No Comments have been submitted.

   
  Your name (required):  
   
 
  Your email address (required):  
     
 
  Your website address (optional):  
   
 
  Your comments (required):  
   
 
   
 
 
 
 
 
 
 
© 2010 SHOPVISIBLE ALL RIGHTS RESERVED