Firms who process payment card industry data online, have another regulation to deal with. They must now become 'PCI-Compliant', after section 6.6 of the Payment Card Industry - Data Security Standard (PCI-DSS) standard came into force throughout Europe on 30 June.
The PCI-security standards council (PCI-SCC) said that PCI-DSS section 6.6 is intended to secure public Internet-facing web applications through two methods – reviewing code for Web applications and installing an application-level firewall. “Whilst proper implementation of both options would provide the best multi-layered defence PCI SSC recognises that the cost and operational complexity of deploying both options may not be feasible,” added the PCI-DSS,.
Andrew Clarke, senior vice president at Lumension Security’ said that adhering to the standard extends beyond compliance. “About half of all account compromises are a result of web-application data breaches and of this, and about 90 per cent of the data compromises are a result of the top 5-10 web-application vulnerabilities, so being PCI-compliant also becomes a competitive differentiator for those that adhere,” he explained.
Have your say on this article
Newsletters
Latest stories from Security Technology
You may also like
Security Technology jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
