PCI Compliance Series: 6.6 Roundup

Monday, June 23rd, 2008

There are only a handful of days left for companies to become compliant with section 6.6 of the PCI DSS, and even more scare tactics are being tossed into the marketplace. Compliance should not be feared; as we all know, the penalty for not complying is what can be the most costly (see TJX). So what can you do to step up your compliance? Here are a few tips from around the web.

Security Ninja offers up these four tips:

1. Manual review of application source code
2. Proper use of automated application source code analyzer (scanning) tools
3. Manual web application security vulnerability assessment
4. Proper use of automated web application security vulnerability assessment (scanning) tools

On Tray Ford’s blog, there is mention of a supplement that was released to help clarify 6.6. It is meant as a tool to help understand the requirement, although it “in no way replaces or supersedes Requirement 6.6 in the Data Security Standard.”

Finally, I took to YouTube to find some helpful information about PCI and I stumbled upon the videos below.

1. PCI DSS Explained
2. PCI 6.6 Compliance
3. Becoming PCI Compliant (and using the right point of sale)

PCI Compliance Series Part Twelve: Using WSP to help with 6.6 Compliance

Thursday, June 19th, 2008

Eleven days remain for companies to make sure their web-facing applications and websites are PCI compliant according to section 6.6. While authoring the PCI Compliance blog series, I often look up interesting websites for insights and quotes, although for this part in the series I can pretty much look inward at our own solutions.

The general thought is that by June 30, most of the companies who need it will fail to comply with section 6.6. The sad reality is the quick fix mentality will lead to many of the compliance issues, as application firewalls only place a Band-Aid on the gaping wound that is poor code development. So will your website be compliant? [The Tech Herald]

E-xact recently launched Web Secure Pay, which is a fully compliant way of having your website visitors complete transactions without ever leaving card data behind. Customers and clients stay within the confines of your website; when it comes time to process the transaction, they are passed through our secure systems and brought back to your online environment seamlessly.
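The hand-off described above is the classic hosted-payment-page pattern: the merchant site never renders a card-number field, so no PAN ever reaches its servers, and the only thing it has to get right is binding the customer's return to the order it actually created. The Ruby below is an added example written for this post; it is not E-xact's WSP code, and the gateway URL, field names, shared secret and HMAC-SHA256 signing scheme are all assumptions chosen to illustrate the pattern. It shows both sides: the merchant building a signed redirect, a stand-in for the gateway verifying it and re-signing the result, and the merchant verifying the return before marking the order paid.

```ruby
require "openssl"
require "uri"
require "cgi"

# Hypothetical hosted-payment flow (added example, not E-xact's WSP protocol).
# Gateway URL, parameter names, secret and signature format are all assumptions.
SHARED_SECRET = "example-shared-secret-not-real"   # constructed placeholder
GATEWAY_URL   = "https://gateway.example/pay"      # placeholder endpoint

# Both sides sign the same canonical string: sorted key=value pairs, "sig" excluded.
def canonical(params)
  params.reject { |k, _| k == "sig" }.sort.map { |k, v| "#{k}=#{v}" }.join("&")
end

def sign(params, secret = SHARED_SECRET)
  OpenSSL::HMAC.hexdigest("SHA256", secret, canonical(params))
end

# Constant-time equality so a verifier cannot be timed byte by byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Merchant, step 1: redirect the shopper with order metadata only. There is no
# card field anywhere in this request, which is what keeps PAN off the merchant.
def build_redirect(order_id:, amount_cents:, currency:, return_url:)
  params = {
    "order_id"   => order_id,
    "amount"     => amount_cents.to_s,
    "currency"   => currency,
    "return_url" => return_url
  }
  params["sig"] = sign(params)
  "#{GATEWAY_URL}?" + URI.encode_www_form(params)
end

# Stand-in for the gateway (hypothetical): checks the merchant's signature, takes
# the card details on its own page (not modelled here), then sends the shopper
# back with a signed result. Returns the query string appended to return_url.
def simulate_gateway(redirect_url, status:)
  params = CGI.parse(URI.parse(redirect_url).query).transform_values(&:first)
  return nil unless secure_equal?(params["sig"].to_s, sign(params))
  result = params.slice("order_id", "amount", "currency").merge("status" => status)
  result["sig"] = sign(result)
  URI.encode_www_form(result)
end

# Merchant, step 2: verify the return before touching order state.
def verify_return(query_string, expected:)
  params = CGI.parse(query_string).transform_values(&:first)
  sig = params["sig"].to_s
  return :bad_signature unless sig.bytesize == 64 && secure_equal?(sig, sign(params))
  # Bind the callback to the order the merchant created, not just to "a" signed result.
  return :order_mismatch unless params["order_id"] == expected[:order_id] &&
                                params["amount"]   == expected[:amount_cents].to_s &&
                                params["currency"] == expected[:currency]
  # Defensive check: a hosted page must never echo card data back to the merchant.
  return :card_data_present if params.keys.any? { |k| %w[pan card_number cvv].include?(k) }
  params["status"] == "approved" ? :ok : :declined
end

if __FILE__ == $PROGRAM_NAME
  url = build_redirect(order_id: "ord-1001", amount_cents: 1999, currency: "USD",
                       return_url: "https://shop.example/return")
  ret = simulate_gateway(url, status: "approved")
  puts verify_return(ret, expected: { order_id: "ord-1001", amount_cents: 1999, currency: "USD" })
end
```

The two checks in `verify_return` that are easy to skip are the ones that matter most: verifying the signature alone proves the gateway produced the result, but only the comparison against the merchant's own stored order proves it is the result for this order and this amount.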

We’ve also produced step-by-step screencasts featuring everything from implementation to the code that drives our intuitive transaction processing manager.

Section 6.6 is about looking at the code AND the application itself. It’s no secret that our application runs smoothly with Ruby on Rails, which allows for a slick interface while remaining secure with its tight and compliant code. You can view more detailed screencasts involving implementation and processes on our Viddler profile and click here to find out more about WSP.