Online Retailers Forced To Get Secure

edited April 2005 in Science & Tech
Online retailers are about to get a lot more secure--if they want to continue doing business and accept credit cards, that is.
This is because the big credit card companies (American Express, Diners, Discover, JCB, MasterCard, and Visa) have come together and formulated a new standard for security which all Web-based shops must comply with. The reason for this new wave of security is the continuing problems with businesses losing customer data either through malicious activity or general data retention problems.

The new standard is called the Payment Card Industry Data Security Standard (PCIDSS), and it consists of quite a few measures that online shops will have to follow in order to pass annual certifications and quarterly check-ins. If a shop doesn't comply, it could be stopped from accepting credit cards, which would kill the business straight away. Regulations within the standard include using firewalls and anti-virus protection over networks, applying encryption to customer data, not using default passwords, restricting both digital and physical access to customer data on a per-employee basis, and monitoring those people and the data itself.

Starting on July 1st this year, the new standard will apply to any Web-based shop in the world that accepts more than 20,000 credit card transactions per year. As well as potentially losing the ability to accept credit cards, a shop that fails to comply could also see itself picking up the tab for any security breaches, e.g., stolen credit card numbers.

How will this stop rogue employees from obtaining account numbers, which is the top way for identity theft and fraud to be committed in the first place? -KF

Source: GEEK.com