Web security Part 1: How safe is your site?

Website integrity is often overlooked by companies - but that's not the case for hackers, warns security expert Stewart Twynham of Bawden Quinn. With new rules due for online shops, he begins a three-part series on the whys and hows of web security.

Problem? What problem?

In April 2005, LexisNexis acknowledged that over 310,000 people may have had their identities and/or other personal information stolen from their US website. Investigations have revealed up to 59 separate incidents of 'fraudulent activity'. If a large corporation can get things so wrong, what about the rest of us?

As a security consultant, barely a week went by in 2004 when I didn't...

About Stewart Twynham

Stewart Twynham is an experienced information security expert and AccountingWEB contributor. He recently founded the independent cyber-security consultancy Brandfire (https://brnd.fr/) to help businesses in Scotland tackle these issues.


By becki_i
26th Apr 2005 14:46

New Legislation

Could you let me have some details of the new legislation or any web links that could send me to somewhere that could provide technical details?

No joy on Google or HMSO.

Kind regards


26th Apr 2005 20:36

PCI Data Security Standard
The information you need is the Payment Card Industry (PCI) Data Security Standard.

This is a roll-up of all the programmes run by all card providers (e.g. in Europe, Visa's programme was originally known as AIS (Account Information Security), in the USA as CISP - and by other names globally).

It applies to all card providers worldwide.

Visa has a good page which summarises all the requirements plus has a link to the standard. All other providers and most banks have similar pages, but like this one they may be somewhat buried!


The PCI standard is actually a very good document. Normally these kinds of standards are very woolly, and years out of date, written by committees with little or no technical knowledge. This one actually covers most of the risks pretty succinctly, and is well worth reading!


Here is a Mastercard International link as well:


Hope this helps,

Kind regards,

Stewart Twynham