PCI: A Component of the E-Commerce Strategy
Posted on: April 2010 by Gregg Stout, Rackspace Sales Engineer
E-commerce has provided organizations of all sizes the ability to reach new markets and offer products and services to, in essence, the world. Entrepreneurs, small to medium businesses, charitable groups, and other established organizations may even rely on online transactions as a primary method of revenue. Because of the critical nature of E-commerce, a web hosting solution that provides constant and reliable internet connectivity is often required in order to accommodate transactional requests from the organizations' consumers.
Needed Protection for Businesses and Consumers
E-commerce transactions must be performed in a way that helps build consumer trust by limiting the risk of fraudulent activities as well as ensuring the privacy of consumer information. The reality, however, is that as of 2005, the Privacy Rights Clearinghouse has recorded approximately 345 million breached records in the U.S. alone. Many of these records are listed as credit card numbers or other card holder data which was lost, stolen, or accessed without authorization.
PCI Benefits to Businesses
To minimize this type of risk to sensitive consumer information, the Payment Card Industry (PCI) created a commission, the Payment Card Industry Security Standards Council (PCI SSC), charged with setting and maintaining the Payment Card Industry Data Security Standards (PCI DSS). PCI DSS helps alleviate the vulnerabilities associated with the transmission, storage, and/or processing of cardholder data, specifically the Primary Account Number. Achieving compliance with PCI DSS is a continuous process of performing assessments, remediation efforts, and reporting the results. The Council's many resulting documents help merchants and service providers mitigate risk and maintain a secure online transaction process.
What PCI Does Not Cover
PCI DSS is based on best practices for the protection of sensitive cardholder information but provides little to no guidance on how to scale an E-commerce environment while maintaining compliance. Nor does it provide guidance on how to manage elements of an E-commerce strategy outside of PCI compliance. Additionally, the systems (server, storage system, etc.) which support this process are not always in the scope of PCI DSS and should therefore be isolated from the systems which actually transmit, process, and/or store cardholder information.
INTERNATIONAL: 1.210.312.4000 | FAX: 1.210.312.4100 | WWW.RACKSPACE.COM ®RACKSPACE HOSTING | 5000 WALZEM ROAD | SAN ANTONIO, TX 78218 U.S.A.
General PCI Best Practices
Because E-commerce is more complex than simply purchasing a shopping cart or setting up a PayPal™ account, businesses that utilize online transactions must first identify potential risks both to the consumer and to the business itself. Once risks are identified, they should then consider how well existing resources can meet those needs and mitigate risks. If the existing resources cannot sufficiently and reliably perform those functions, the business should consider a solution that best fits the business and protects all parties according to PCI DSS. Rackspace® Hosting offers guidance that can help identify risk as well as assist in the development of a plan to become PCI compliant.