More regulation for online retail arrives

By on

A new PCI-DSS regulation requires online retail firms to perform code reviewsand use a web application firewall.

Firms who process payment card industry data online, have another regulation to deal with. They must now become 'PCI-Compliant', after section 6.6 of the Payment Card Industry - Data Security Standard (PCI-DSS) standard came into force throughout Europe on 30 June.

The PCI-security standards council (PCI-SCC) said that PCI-DSS section 6.6 is intended to secure public Internet-facing web applications through two methods – reviewing code for Web applications and installing an application-level firewall.

“Whilst proper implementation of both options would provide the best multi-layered defence PCI SSC recognises that the cost and operational complexity of deploying both options may not be feasible,” added the PCI-DSS,.

Andrew Clarke, senior vice president at Lumension Security’ said that adhering to the standard extends beyond compliance. “About half of all account compromises are a result of web-application data breaches and of this, and about 90 per cent of the data compromises are a result of the top 5-10 web-application vulnerabilities, so being PCI-compliant also becomes a competitive differentiator for those that adhere,” he explained. @ 2010 Incisive Media

Most Read Articles

Log In

|  Forgot your password?