PCI Compliance (Payment Card Industry Data Security Standard)
If your business relies on payment by credit cards, compliance with the PCI security standards will be required by September 2007. Non-compliance means you can lose your merchant account, and what's more, you open up your company to fines, lawsuits and bad publicity. You must comply with all security standards by September 2007 or risk losing your merchant account!
TJX - an illustration of the real-world need for PCI
PCI compliance is not just another bureaucratic standard to comply with. It's a standard to protect consumers and the future of online business, based on real-world needs.
The TJX Companies Inc. breach is the largest known data theft to date. Hackers invaded the TJX systems and stole at least 45.7 million credit and debit card numbers over an 18-month period. In addition, personal data, including the driver's license numbers of another 455,000 customers who returned merchandise without receipts, was stolen.
TJX violated some of the basic tenets of the PCI Data Security Standard (PCI DSS) and, according to several PCI auditors, it will pay a heavy financial price. TJX was clearly negligent in holding onto unencrypted cardholder data, a direct violation of the PCI DSS.
Penalties for noncompliance range from fines of up to $500,000 to increased auditing requirements or even losing the ability to process credit card transactions.
To prevent cases like TJX from happening again, the major credit card companies, including VISA and Mastercard, have established a strict set of rules called the Payment Card Industry Data Security Standard (PCI DSS). This standard governs retail, mail orders, telephone orders and, most importantly, e-commerce.
The PCI security standards cover several security areas; a detailed document of the standards can be found here.
PCI compliance requires that you audit your web site security
If your company has a website and does business online, PCI compliance requires that you ensure that your web site and other web applications are secure.
You are required to scan your shopping cart and other web applications for vulnerabilities!
Acunetix Web Vulnerability Scanner version 6 helps you meet the following PCI requirements:
- (Requirement 2.2.4) Remove all unnecessary functionality
- (Requirement 2.3) Encrypt all non-console administrative access
- (Requirement 4) Encrypt transmission of cardholder data across open, public networks
- (Requirement 6) Develop and maintain secure systems and applications
- (Requirement 6.5.1) Unvalidated Input
- (Requirement 6.5.2) Broken Access Control
- (Requirement 6.5.3) Broken Authentication and Session Management
- (Requirement 6.5.4) Cross Site Scripting (XSS) Flaws
- (Requirement 6.5.5) Buffer Overflows
- (Requirement 6.5.6) Injection Flaws
- (Requirement 6.5.7) Improper Error Handling
- (Requirement 6.5.8) Insecure Storage
- (Requirement 6.5.9) Denial of Service
- (Requirement 6.5.10) Insecure Configuration Management
Acunetix will check your web site and alert you to any issues you need to fix. Once they are fixed, it will create a detailed report that allows you to easily prove that you meet these particular PCI requirements.
A sample of such a report (of a web site application that does NOT meet the standards) can be found here.
Only a web vulnerability scanner such as Acunetix can help you meet the above requirements; network security scanners are not able to check them!
Acunetix Web Vulnerability Scanner is a crucial tool to help you meet PCI compliance. It's easy to use and inexpensive: take a product tour or download the evaluation version!