More regulation for online retail arrives

By

A new PCI-DSS regulation requires online retail firms to perform code reviewsand use a web application firewall.


Firms who process payment card industry data online, have another regulation to deal with. They must now become 'PCI-Compliant', after section 6.6 of the Payment Card Industry - Data Security Standard (PCI-DSS) standard came into force throughout Europe on 30 June.

The PCI-security standards council (PCI-SCC) said that PCI-DSS section 6.6 is intended to secure public Internet-facing web applications through two methods – reviewing code for Web applications and installing an application-level firewall.

“Whilst proper implementation of both options would provide the best multi-layered defence PCI SSC recognises that the cost and operational complexity of deploying both options may not be feasible,” added the PCI-DSS,.

Andrew Clarke, senior vice president at Lumension Security’ said that adhering to the standard extends beyond compliance. “About half of all account compromises are a result of web-application data breaches and of this, and about 90 per cent of the data compromises are a result of the top 5-10 web-application vulnerabilities, so being PCI-compliant also becomes a competitive differentiator for those that adhere,” he explained.
Got a news tip for our journalists? Share it with us anonymously here.
itweek.co.uk @ 2010 Incisive Media
Tags:

Most Read Articles

Microsoft knew of SharePoint security flaw in May, initial patch ineffective

Microsoft knew of SharePoint security flaw in May, initial patch ineffective

Allianz Life says majority of US customers' data stolen in hack

Allianz Life says majority of US customers' data stolen in hack

NT gov agency targeted in alleged $3.5m BEC scam

NT gov agency targeted in alleged $3.5m BEC scam

Gov to encourage vuln research, puts insurers and NFPs on notice

Gov to encourage vuln research, puts insurers and NFPs on notice

Log In

  |  Forgot your password?