E-commerce has provided organizations of all sizes the ability to reach new markets and offer products and services to, in essence, the world. Entrepreneurs, small to medium businesses, charitable groups, and other established organizations may even rely on online transactions as a primary method of revenue. Because of the critical nature of E-commerce, a web hosting solution that provides constant and reliable internet connectivity is often required in order to accommodate transactional requests from the organizations' consumers.
Needed Protection for Businesses and Consumers
E-commerce transactions must be performed in a way that builds consumer trust by limiting the risk of fraud and protecting the privacy of consumer information. The reality, however, is that since 2005 the Privacy Rights Clearinghouse has recorded approximately 345 million breached records in the U.S. alone. Many of these records were credit card numbers or other cardholder data that was lost, stolen, or accessed without authorization.
PCI Benefits to Businesses
To reduce this risk to sensitive consumer information, the major payment card brands created the Payment Card Industry Security Standards Council (PCI SSC), which sets and maintains the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS defines security requirements for any entity that stores, processes, or transmits cardholder data; the Primary Account Number (PAN) is the defining element, and any system that handles it is in scope.
Achieving PCI DSS compliance is not a one-time event but a continuous cycle of assessing, remediating, and reporting the results. The Council's supporting documents (the standard itself, self-assessment questionnaires, and guidance papers) help merchants and service providers mitigate risk and keep the online transaction process secure.
What PCI Does Not Cover
PCI DSS is based on best practices for protecting sensitive cardholder information, but it provides little to no guidance on how to scale an E-commerce environment while maintaining compliance, nor on how to manage the parts of an E-commerce strategy that fall outside of PCI compliance. Scope also needs care: supporting systems (web servers, storage systems, etc.) that do not themselves transmit, process, or store cardholder data can be kept out of PCI DSS scope only if they are properly segmented from the systems that do. Without that isolation, every connected system is in scope and must meet the full standard.
General PCI Best Practices
Because E-commerce is more complex than simply purchasing a shopping cart or setting up a PayPal™ account, businesses that use online transactions must first identify the risks to both the consumer and the business itself. Once the risks are identified, the business should consider how well its existing resources can mitigate them. If the existing resources cannot do so sufficiently and reliably, the business should consider a solution that fits its needs and protects all parties in accordance with PCI DSS.
Rackspace® Hosting offers guidance that can help identify risk as well as assist in the development of a plan to become PCI compliant.
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License