Ecommerce Security: PCI, Risk and Cost
By jvm
10/26/2009 8:45:00 AM

PCI standards evolve but they do so often at a more languid pace than does the technology itself. Toss in economic considerations and you've got a real Ecommerce conundrum...

Recent literature published in the PCI Knowledge-base examines security and compliance migrations, cost reductions, and virtualization in recessionary times. Ecommerce solution provider ShopVisible offers up insights into its own PCI assessment process while trying to stay on top of recent Ecommerce security news in order to provide its clients and readers a glimpse into the rapidly blossoming arena of Ecommerce payment protection.

For many online merchants, or at least those wrestling with PCI and the security measures needed to protect the CDE (cardholder data environment), the strident 12 requirements of PCI, coupled with serious security budgets and IT infrastructure, have created headaches and handicapped wallets...especially now. For many, as evidenced in the PCI Knowledge-base's expert blog, the arduous compliance process has become tarnished by a "checklist mentality and ineffective implementation and enforcement." It can be argued as a best practice in Ecommerce, or at least as a way to pass compliance levels, that reducing risk and documenting to assessors that effective controls are in place demonstrates a real risk management policy, and thereby can help cut costs during the implementation.

PCI security experts have been discussing sophisticated elements of online commerce and their relation to the development of both policy and technology. For instance, with regard to network segmentation and scope, the PCI Knowledge-base notes that “network segmentation is still not a requirement, for some reason, but it’s the single action that will save you the most money in the assessment.” PCI 1.2 discusses segmentation and notes that it is adequate when it is in place along with the appropriate network diagrams. One solution available to merchants with the right budget is some variation of a network monitoring tool. These can “tell you, continuously, of attempts to access specific network resources.” In doing so they can show the assessor the positive impact of your network segmentation policy, thereby quantifying risk and helping cut PCI compliance costs.
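An added example, not from the post or ShopVisible: a small Python script that turns firewall log lines into the kind of segmentation evidence described above, counting attempts against the CDE from out-of-scope networks and flagging any the firewall let through. The CDE subnet, the allowed source range and the log format are assumptions, and the log lines are constructed.

```python
import ipaddress

# Assumed segmentation policy: the CDE subnet and the only source range
# (e.g. a payment application tier) permitted to reach it.
CDE_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.5.0/28")]

# Constructed firewall log lines in a simple key=value syslog style.
SAMPLE_LOG = """\
2009-10-26T08:45:01 action=ALLOW src=10.10.5.3 dst=10.20.0.15 dport=443
2009-10-26T08:45:07 action=DENY src=192.168.40.22 dst=10.20.0.15 dport=3389
2009-10-26T08:46:12 action=DENY src=192.168.40.22 dst=10.20.0.15 dport=22
2009-10-26T08:47:30 action=ALLOW src=192.168.40.9 dst=10.30.0.4 dport=80
2009-10-26T08:48:02 action=ALLOW src=192.168.60.5 dst=10.20.0.20 dport=1433
"""


def parse_line(line):
    """Split 'key=value' tokens after the timestamp into a dict of typed fields."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return {
        "action": fields["action"],
        "src": ipaddress.ip_address(fields["src"]),
        "dst": ipaddress.ip_address(fields["dst"]),
        "dport": int(fields["dport"]),
    }


def segmentation_report(log_text):
    """Summarise traffic aimed at the CDE: total attempts, out-of-scope attempts
    the firewall denied, and out-of-scope flows it allowed (policy gaps to fix
    before an assessor finds them)."""
    report = {"cde_attempts": 0, "denied_out_of_scope": 0, "allowed_out_of_scope": []}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev["dst"] not in CDE_NET:
            continue  # traffic to other segments is out of scope for this report
        report["cde_attempts"] += 1
        if any(ev["src"] in net for net in ALLOWED_SOURCES):
            continue  # permitted source; nothing to report
        if ev["action"] == "DENY":
            report["denied_out_of_scope"] += 1
        else:
            report["allowed_out_of_scope"].append((str(ev["src"]), str(ev["dst"]), ev["dport"]))
    return report


if __name__ == "__main__":
    print(segmentation_report(SAMPLE_LOG))
```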

Store sampling is another facet of the compliance process. In PCI 1.2, “the goal of the sampling process is to understand the risks posed by stores, since many security breaches originate there…” Here one must show the assessor that store policy is commensurate with Ecommerce provider policy and that high levels of consistency are maintained constantly, again helping to reduce risk and cut costs. Automated tools can benefit providers here by cutting the time and cost associated with manual configuration management. The PCI Knowledge-base notes that “the ability to place server configuration under change control is valuable for both PCI requirement 2, as well as requirement 10.” Automated tools will often justify a smaller sample size, again reducing assessment fees.

The latest post from the PCI Knowledge-base also delves into discussion of compensating controls in the Ecommerce eco-system and states that “while compensating controls are too often used as a PCI cost cutting technique by merchants, they are really the heart and soul of risk management relative to PCI…a weak process for documenting and quantifying risk usually shows up in poorly defined compensating controls, which can cause compliance failure and additional assessment and technology costs.”

Basically, PCI compliance is an arduous process for any company, regardless of organizational complexity, IT infrastructure and budget size. The points above are just a few methods for cutting costs. When selecting an Ecommerce provider, it helps to do your due diligence: “in PCI 1.2, there is specific mention of the need to prove due diligence as to risk ‘prior to engaging’ service provider, and need to prove ongoing ‘monitoring’ of compliance status.” Keep monitoring policies up to date and maintain a vigilant stance with regard to data centers. Being PCI compliant does not mean that a hardened data center will mandate policy to keep you compliant. Prove to your data center, your assessor and your clients that you care about risk. Show them that PCI is an ongoing process, one dedicated to secure online transactions. The more safely your merchants sell, the more they will appreciate all your hard work!

ShopVisible is an Ecommerce solution provider intent on security, integration and SEO.

Tags: ShopVisible, PCI, Ecommerce solution, Ecommerce security, PCI Knowledge-base
Categories: SEO, RSS, User Generated Content, Ecommerce Blog