New guidelines to help ecommerce merchants keep their customer data safe have been issued by the PCI Security Standard Council. Merchants can also find out more by signing up for a webinar to be held later this week.
The PCI DSS Ecommerce Guidelines Information Supplement is intended to help organisations understand their responsibilities when it comes to safeguarding customer data and complying with the PCI DSS standards. It is also aimed at helping traders choose ecommerce technologies and third-party service providers.
“This is the first specific guidance that the council has published for ecommerce,” said Jeremy King, European director of the PCI Security Council. “The aim is to try to give easy to follow practical guidance for everyone involved in ecommerce.” He said the guide advised both those handling payments themselves, outlining the risks and what must be protected, as well as those entrusting the job to third party providers.
The guidance has been produced by the PCI Security Standards Council’s Ecommerce Security Special Interests Group. The group involved more than 60 organisations worldwide, from banks and merchants to security assessors and technology vendors in producing the guidance. The PCI Security Standards Council was set up in 2006, founded by major credit card companies in order set out the core standards (PCI DSS) that merchants must meet in order to take payments using those cards.
The guide, which comes at a time when ecommerce fraud is rising as Chip and Pin fraud falls, includes an overview of ecommerce and PCI DSS. It also outlines common vulnerabilities in ecommerce that merchants should consider when developing or choosing ecommerce software and services.
Other elements included are best practice recommendations on securing ecommerce environments and a checklist of responsibilities that outlines, when payments are outsourced, which elements of security the merchant and the payments company are responsible for.
A webinar exploring the guidance will be held on February 14. More information on the event and information on registering for it can be found here: https://www.pcisecuritystandards.org/training/webinars.php.