PCI Compliance Series: Part Ten - PCI DSS 6.6 Deadline This Summer

Posted Tuesday, June 17th, 2008
Categories: PCI.

PCI deadlines for compliance seem to be catching up with merchants all the time. Standards adapt, upgrade and tighten for greater security, imposing compliance on businesses. The latest compliance deadline is June 30, 2008, and the PCI blog world is buzzing about what this all actually means (there’s even a countdown clock that you can put on your website).

PCI Blog - Compliance Demystified: “What does it mean? In order to understand this you have to take my Attack Vector based Risk Management (AVRM) approach towards the intent behind this requirement. One could easily reference that the intent behind this requirement is to prevent Internet-facing web-application compromises and you would be correct, but also missing the deeper meaning and back story.

Although card-present (typically IPOS) systems account for a greater number of credit cards stolen, about half of all account compromises are a result of web-application data breaches. Of this population, about 90%+ of the data compromises are a result of the top 5-10 web-application vulnerabilities. These include, but are not limited to, SQL injection, cross-site scripting, cross-site request forgery (CSRF) and other input/output validation issues. Knowing this you can now imagine that if we could mitigate the risk of these top attacks we could reduce the population of credit card data breaches by almost half!”

This standard is focused on web-applications that process transactions, which is basically right up our alley. Finding the proper (and secure) web-application for your merchant needs can be difficult, and you’ll certainly want to find one that meets PCI DSS 6.6 by the end of this month.

We are pleased that E-xact has been fully PCI compliant over the last several years and remains so.

You can find more information on the official PCI DSS website and feel free to contact us to discover ways that E-xact can alleviate your security risks when using our payment management solutions.