More regulation for online retailers came into force last week, courtesy of the Payment Card Industry Data Security Standard (PCI-DSS) section 6.6.

The question is will online retailers rush to implement the recommendations – namely secure code reviews for self-written web applications and tacking a web application firewall onto their web server front ends?

Given the rocketing number of public-facing retail web sites, there might not be enough experts to do such a code review across all those sites, never mind the small matter of how much they would charge for such a service. And there is also the issue of how often these code reviews would need to run to be valuable, whether annually, quarterly or even monthly.

Add on the cost of a properly maintained web application firewall, and the cost to retailers could be something that they just would not countenance, even though the web’s share of total retail sales is increasing fast. Also taking into account in the shockwaves from the credit crunch and oil price increases, and retailers may elect to pass on this one – again.

Last August credit card giant Visa relaxed the PCI-DSS regulations after seeing that it would have had to penalise a massive number of online retailers for non-compliance. Has anything changed? Well, yes – the global economic situation has deteriorated considerably and the payment card providers might need to be as understanding once again.