More regulation for online retail arrives

By

A new PCI-DSS regulation requires online retail firms to perform code reviewsand use a web application firewall.


Firms who process payment card industry data online, have another regulation to deal with. They must now become 'PCI-Compliant', after section 6.6 of the Payment Card Industry - Data Security Standard (PCI-DSS) standard came into force throughout Europe on 30 June.

The PCI-security standards council (PCI-SCC) said that PCI-DSS section 6.6 is intended to secure public Internet-facing web applications through two methods – reviewing code for Web applications and installing an application-level firewall.

“Whilst proper implementation of both options would provide the best multi-layered defence PCI SSC recognises that the cost and operational complexity of deploying both options may not be feasible,” added the PCI-DSS,.

Andrew Clarke, senior vice president at Lumension Security’ said that adhering to the standard extends beyond compliance. “About half of all account compromises are a result of web-application data breaches and of this, and about 90 per cent of the data compromises are a result of the top 5-10 web-application vulnerabilities, so being PCI-compliant also becomes a competitive differentiator for those that adhere,” he explained.
Got a news tip for our journalists? Share it with us anonymously here.
itweek.co.uk @ 2010 Incisive Media
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?