PCI Guidance for E-Commerce Merchants
Feb. 7, 2013
The PCI Security Standards Council (PCI SSC) has released PCI DSS compliance guidelines for e-commerce businesses. The standards-setting body said its new publication is a response to the e-commerce community seeking more guidance on security compliance issues. It provides an overview of the components of a PCI-compliant e-commerce infrastructure and a discussion of common vulnerabilities in e-commerce environments, with recommendations on how to overcome them. One key consideration is how third-party relationships affect a merchant’s PCI responsibilities.
“Regardless of the extent of outsourcing to third parties, the merchant retains responsibility for ensuring that payment card data is protected,” the guidance supplement states. “Connections and redirections between the merchant and the third party can be compromised, and the merchant should monitor its systems to ensure that no unexpected changes have occurred and that the integrity of the connection/redirection is maintained.”