PCI Security Guides 2013
With the release of new guidelines by the PCI Security Standards Council (PCI SSC), merchants need to understand how to better keep their customers' data safe amid the sharp and continued rise of e-commerce. More important still is the sudden rise in mobile commerce, which is expected to reach 1.3 Trillion by the end of 2015. Mobile security will be of the utmost importance as more and more merchants employ these devices. Since these devices could reasonably store any information entered into them, the PCI SSC has also set in place new mobile standards to ensure merchant and customer security. The guidelines for e-commerce can be found at: https://www.pcisecuritystandards.org/pdfs/pr_130130_ecommerce_sig.pdf.
This document insists that merchants need to know which types of attacks on their e-commerce sites they should be aware of and how their service provider is prepared to handle them. As the digital world continues to evolve, merchants need to stay aware of ongoing threats and keep insisting that their service providers deliver on their promises to interpret these threats and better code their payment processor to handle them. For example, SQL injection, although known about for several years, continues to be the most common form of intrusion into e-commerce payment sites and a means of stealing customer data. A simple solution is available for this, and merchants need to ask proper, well-informed questions of their processor to ensure PCI compliance and customer safety. For merchants who are already participating in mobile technology or are considering the move to mobile commerce, the guidelines are at https://www.pcisecuritystandards.org/pdfs/13_02_13_Mobile_Press_Release.pdf.
These guidelines outline what mobile merchants need to know about their emerging market and how they need to partner with software developers and device makers to ensure PCI compliance and customer security. After all, merchants need to be paid, and customers need to be able to trust that their information will be kept secure even in the mobile environment. Merchants need to know how to encrypt customer information to ensure safety, and software developers need to know how to put those options into place. Merchants and processors are each responsible for their own aspects of secure practices, and each side needs to know which part of PCI compliance is theirs to manage. E-commerce continues to be the main avenue of attack on cardholder data, since most face-to-face transactions are now more secure than ever, especially with EMV technology in place in most of the world. Mobile merchants are the most vulnerable to any type of attack, as much of the technology is new, as is the software driving it. Since one out of every three persons doesn't even have a password for their mobile device, card data is often easily targeted and sold worldwide. Better-educated merchants can use the guidelines in the PCI SSC documents to ensure they are targeting the right types of issues and asking proper questions before using e-commerce or mobile technology to do business. Remember: it is always easier to prevent customer data theft than to deal with it after the fact.