
Is your e-Commerce compliant with PCI DSS revisions?

Mariam Abuhaideri Jun 14, 2018


e-Commerce has always been a target for swift cyber theft. You may not even realize that your technology has been compromised by cybercriminals until after the breach. Nothing is bulletproof, not even standards such as PCI DSS (Payment Card Industry Data Security Standard); however, it at least offers some defense.

The only constant in life, and in the life of technology, is transformation. As such, you have to adapt or transform yourself to survive and to secure your position. Even security standards would become worthless unless they changed dynamically along with the world. You might be wondering why you should give two hoots about all this talk of security standards (too much work for nothing) and choose to ignore it. Granted, close attention to new compliance standards translates to added work and expense, but it is more than worth it to avoid the risk of a data breach that could destroy the reputation and financial viability of your business.

The key to ensuring that technology works in your favor rather than against you lies in encryption, which ensures that your data does not get compromised, or, even if it does, that it is meaningless to an unauthorized predator. With each new hacking advancement, cyber security becomes more robust, and the vicious cycle continues. The good news is that a cure is always instituted. Luckily for us, a new version of the cure will be offered on June 30th. Are you willing to protect your balance sheets?

PCI policy
The first version of PCI DSS debuted on December 15, 2004. So what does June 30th mean? As with every technology or rule, PCI DSS has been subject to revisions. By that date, a complete migration from SSL/early TLS to a more secure encryption protocol, TLS 1.1 or higher, is expected in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data.

If your organization has an e-Commerce presence or partners with e-Commerce companies, no matter how small or big, read on for key advice to alleviate the risk of being breached.

SSL (Secure Sockets Layer) and Transport Layer Security (TLS)
So what can you do to prepare your e-Commerce website for the change?

Make sure the server your site is hosted on is compatible with the newer protocol. For Microsoft Windows-hosted websites or web apps, TLS 1.1 and 1.2 will not be supported by anything older than Windows Server 2008.

Ensure that your on-site and off-site servers do not default to SSL or TLS 1.0. Your IT team (or third-party hosting partner) will need to be vigilant about the migration.

Notify your customers that older operating systems will not be able to access your site after June 30; they will need to update their OS. With this message you convey that you take security seriously: even though updating is a pain, it is meant only to protect them in the long run.

Isolate your servers and opt for more secure bases. Ensure you know exactly where your client’s data is stored and how secure your infrastructure is.

With June 30 rapidly approaching, it is time to start migrating to TLS 1.1 or 1.2. If you haven’t already, reach out to your webmaster or web developer to discuss the steps needed to get your online payments compliant before the deadline, or risk losing your ability to take credit card payments.
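Before you ask your hosting partner whether the migration is done, you can verify it yourself. The following checker, added here as an example and not part of the original post, pins a client handshake to one protocol version at a time, records which versions the server still completes, and judges the result against the rule above (no SSL, no TLS 1.0; TLS 1.1 or higher must work). The host name is a placeholder you supply on the command line; the SECLEVEL and error-reason handling are assumptions about how OpenSSL 1.1.1/3.x builds behave when asked to offer legacy versions.

```python
import socket
import ssl

# Versions PCI DSS tells merchants to retire, and the ones it accepts (TLS 1.1 or higher).
DISALLOWED = ("SSLv3", "TLSv1")
ACCEPTABLE = ("TLSv1.1", "TLSv1.2", "TLSv1.3")
_VERSIONS = {"SSLv3": ssl.TLSVersion.SSLv3, "TLSv1": ssl.TLSVersion.TLSv1,
             "TLSv1.1": ssl.TLSVersion.TLSv1_1, "TLSv1.2": ssl.TLSVersion.TLSv1_2,
             "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def server_accepts(host, port, name, timeout=5.0):
    """Attempt a handshake pinned to exactly one protocol version.
    True: the server completed it; False: the server refused it; None: this
    machine's OpenSSL cannot speak that version, so the answer is unknown, not 'refused'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE          # we are testing protocol support, not the certificate
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")   # assumption: lets OpenSSL 1.1.1+/3.x offer legacy versions
    except ssl.SSLError:
        pass                                     # older builds have no security levels to lower
    try:
        ctx.minimum_version = ctx.maximum_version = _VERSIONS[name]
    except ValueError:
        return None                              # version compiled out of the local OpenSSL
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except ssl.SSLError as e:
        # Assumption: NO_PROTOCOLS_AVAILABLE is raised locally before anything reaches the server.
        return None if e.reason == "NO_PROTOCOLS_AVAILABLE" else False
    except OSError:
        return False

def assess(results):
    """results: version name -> True/False/None as returned by server_accepts.
    Returns (compliant, legacy versions still accepted, versions that could not be tested)."""
    offending = [v for v in DISALLOWED if results.get(v) is True]
    untested = [v for v, r in results.items() if r is None]
    compliant = not offending and any(results.get(v) is True for v in ACCEPTABLE)
    return compliant, offending, untested

def probe(host, port=443):
    return {name: server_accepts(host, port, name) for name in _VERSIONS}

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "shop.example"   # placeholder host name
    results = probe(host)
    for name, r in results.items():
        print(f"{name:8} {'accepted' if r else 'not testable here' if r is None else 'refused'}")
    ok, bad, _ = assess(results)
    print("SSL/early TLS check:", "PASS" if ok else "FAIL " + (", ".join(bad) or "(no TLS 1.1+ offered)"))
```

A version reported as "not testable here" is a gap in your scanner, not evidence that the server refuses it; rerun from a host whose OpenSSL still has that version if you need a definitive answer.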

Small businesses are also more susceptible to attacks. So if you are small and think your system does not come under these regulations, you would be digging your own grave in the event that a client’s data is violated. Not to mention the harsh fines you would have to pay for failing to comply with PCI, though even those would be no worse than the impact on your brand image and the loss of trust for not taking security seriously.

Do not confuse PCI compliance with GDPR. GDPR is a requirement if you do business in the EU or with residents of the EU. PCI DSS governs all credit card transactions, even if your business is only you. Got questions? Let’s discuss in the comments.

e-Zest is a leading digital innovation partner for enterprises and technology companies that utilizes emerging technologies to create engaging customer experiences. Being a customer-focused and technology-driven company, it always helps clients craft holistic business value from their software development efforts. It offers software development and consulting services for cloud computing, enterprise mobility, big data and analytics, user experience and digital commerce.