subject: Leave all your worries related to PCI security audit
Author: Jeff
If you run an e-commerce site and accept credit card payments directly through it, your acquiring bank and the card brands require you to meet the Payment Card Industry Data Security Standard (PCI DSS) and its audit or self-assessment requirements. PCI DSS is an industry standard enforced by contract rather than a law; its purpose is to reduce card fraud by protecting cardholder data. Most business owners find the subject technical and complex. There is no shortage of consultants who will audit your business and tell you how to meet the guidelines, usually with warnings of dire consequences if you don't.
You can also download the PCI DSS document itself from the PCI Security Standards Council and read the requirements first hand. If your own systems never store, process or transmit primary account numbers (PANs), for example because your checkout page redirects to, or embeds a payment form from, a PCI DSS validated payment gateway, most of the requirements fall out of your scope and you qualify for the shortest self-assessment questionnaire (SAQ A). Responsibility for protecting the PANs then sits with the gateway, since it is the party that holds them. One caveat: the web server that serves the redirect or embedded form stays in scope, because an attacker who controls it can swap the redirect for one of their own. All major gateways are PCI DSS validated, not least because they would be such an obvious target otherwise.
Certain PCI security audit guidelines aimed at small businesses make compliance less complex and expensive. Do not store customer PANs in your database, even encrypted; a database with no card numbers in it is a far less attractive target and never has to meet the PCI DSS storage, key management and masking requirements. This inconveniences customers a little, because you cannot pull up and auto-fill their card number on a return visit (a gateway-issued token for repeat billing gives you the same convenience without the PAN).
Do not store PANs on your web server either, encrypted or otherwise, not even in a temporary session. This again inconveniences customers slightly: if they navigate away from the payment page you cannot restore the card number. That is the right trade-off, since a card number you never held cannot be lost on a page refresh or a crash. Serve the pages that collect card numbers and hand them to the gateway over HTTPS (TLS with a valid certificate), never over plain HTTP.
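The two rules above amount to one pattern: hand the card number to the gateway at the moment it is entered and keep only a token plus display data. The following is an added example illustrating that pattern and a self-check for it; it is not code from the original article or from iViZ, and `HypotheticalGateway` is a stand-in for whatever tokenization API your real gateway exposes. It goes slightly beyond the text by including a PAN discovery scan (digit runs of 13 to 19 characters that pass the Luhn check), which is how you verify that your session store, database dumps and logs really contain no card numbers.

```python
"""Added example: tokenize at checkout, store no PAN, and scan for leaks.

Not code from the original article or from iViZ. The gateway below is a
hypothetical stub; substitute your gateway's real tokenization call.
"""
import json
import re
import secrets

# Candidate PANs: 13-19 digits, optionally separated by spaces or dashes,
# not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit validation used by all major card brands.

    Filters out order numbers, timestamps and other random digit runs.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the digit strings in text that look like PANs and pass Luhn."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def stored_pans(records) -> list:
    """Scan serialized records (DB rows, session dumps, log entries) for PANs."""
    return find_pans(json.dumps(records, default=str))


class HypotheticalGateway:
    """Stand-in for a real payment gateway's tokenization endpoint (hypothetical)."""

    def __init__(self):
        self._vault = {}            # the gateway, not the merchant, holds PANs

    def tokenize(self, pan: str, exp_month: int, exp_year: int) -> str:
        token = "tok_" + secrets.token_hex(4)
        self._vault[token] = (pan, exp_month, exp_year)
        return token


def checkout(gateway, session: dict, pan: str, exp_month: int, exp_year: int) -> dict:
    """Hand the PAN straight to the gateway; keep only a token and display data.

    Nothing written to `session` or returned for the merchant database
    contains the PAN. Keeping the last four digits is permitted by the
    PCI DSS masking rules; the full number is never retained.
    """
    digits = re.sub(r"[ -]", "", pan)
    if not (13 <= len(digits) <= 19 and luhn_ok(digits)):
        raise ValueError("not a valid card number")
    token = gateway.tokenize(digits, exp_month, exp_year)
    record = {
        "gateway_token": token,
        "last4": digits[-4:],
        "exp": f"{exp_month:02d}/{exp_year}",
    }
    # The session remembers that a card was captured, never the card itself.
    session["payment"] = {"gateway_token": token, "last4": digits[-4:]}
    return record


if __name__ == "__main__":
    gw = HypotheticalGateway()
    sess = {}
    # Constructed input: a well-known test card number, not a real account.
    rec = checkout(gw, sess, "4111 1111 1111 1111", 12, 2030)
    print("stored record:", rec)
    print("PANs found in merchant data:", stored_pans([rec, sess]))
    # Constructed log line: the order id is 13 digits but fails Luhn,
    # so only the card number is reported.
    print(find_pans("order 1234567890123 card 4111-1111-1111-1111"))
```

Run `stored_pans` over an export of your session store and order tables as part of the audit preparation; any hit means a PAN is being persisted somewhere the design says it should not be.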
Be vigilant that your server does not get rooted. An attacker with root access on the web server can capture card numbers as customers submit them, alter the checkout page, or change where it redirects, whatever your storage policy says. If securing the server is beyond your in-house skills, hire a consultant who can guide you through the PCI security audit requirements.
iViZ Security is a security software provider specializing in vulnerability assessment and PCI and security audit requirements, helping to shield your network from potential vulnerabilities and threats.
About the Author:
Jeff Minton writes articles for iViZ Security, which describes itself as the industry's first on-demand, comprehensive, cost-effective network penetration testing, web application security, and vulnerability assessment and management solution for securing critical applications and networks.