Web security Part 1: How safe is your site?

Posted by AccountingWEB PM | on Mon, 25/04/2005 - 10:33 8272 2 comments

Website integrity is often overlooked by companies - but that's not the case for hackers, warns security expert Stewart Twynham of Bawden Quinn. With new rules due for online shops, he begins a three-part series on the whys and hows of web security.

Problem?

Continued...

New Legislation

becki_i | Tue, 26/04/2005 - 14:46 | Permalink

Interesting.....

Could you let me have some details of the new legislation or any web links that could send me to somewhere that could provide technical details?

No joy on Google or HMSO.

Kind regards

Becki

PCI Data Security Standard

sctwynham | Tue, 26/04/2005 - 20:36 | Permalink

The information you need is the Payment Card Industry (PCI) Data Security Standard.

This is a roll-up of all the programmes run by all card providers (e.g. in Europe, Visa's progamme was originally known as AIS (Account Information Security), in the USA as CISP - and by other names globally).

It applies to all card providers worldwide.

Visa has a good page which summarises all the requirements plus has a link to the standard. All other providers and most banks have similar pages, but like this one they may be somewhat buried!

www.visaeurope.com/acceptingvisa/securitystandards.html

The PCI standard is actually a very good document. Normally these kind of standards are very woolly, and years out of date written by committees with little or no technical knowledge. This one actually covers most of the risks pretty succintly, and is well worth reading!

www.visaeurope.com/acceptingvisa/PCIDataSecurityStandard.pdf

Here is a Mastercard International link as well:

https://sdp.mastercardintl.com/

Hope this helps,

Kind regards,

Stewart Twynham
stewart@bawden-quinn.co.uk