by Viktor Ahrens and Dennis Yang.
The Information Supplement “Best Practices for Securing E-commerce” supports merchants and service providers in e-commerce in assessing the security of existing e-commerce solutions and selecting a suitable implementation.
Apart from the different e-commerce solutions and examples, the Information Supplement also contains clarifications on merchants’ and service providers’ different responsibilities. Merchants and service providers who outsource their services to a third party provider entirely often erroneously assume that they are no longer responsible for the PCI DSS requirements. The information supplement provides clarifications on this issue.
The document also contains detailed explanations and diagrams on each of the individual e-commerce solutions regarding the PCI DSS scope, security risks, and costs and expenses. The document specifically addresses commonly offered solutions using URL Redirect, iFrames, Direct Post, Java Script, and APIs. Further topics surrounding e-commerce, such as “Tokenization” and “Encryption” are discussed in a concluding chapter on “Best Practices”.
The Guidance can be found on the official PCI SSC website here
If you have further questions or need assistance with your scope definition, please contact us. Our specialists are happy to help:
+49 6102 8631-190
About the PCI Expert Tips:
With our PCI Expert Tips, we would like to keep you informed about changes to the PCI Security Standards and provide you with initial explanations as to what the changes entail and how they may affect you. Please always take our articles only as a general reference – they do not replace individual case-by-case evaluations.
Outsourcing applications and data to the cloud brings significant benefits for companies, but at the same time also new challenges for the corresponding IT departments. The technologies and processes of a cloud environment differ from those of local data centers....