Having your credit card stolen is a major concern for any cardholder. Combine that with the responsibility of buying supplies for the government and it is enough to lose sleep over. Attacks on payment card processing systems are on the rise. Organized internet thieves target all sizes of on-line merchants. According to a study by the University of Michigan, 76 per cent of websites from 214 US financial institutions suffer from at least one security design flaw that prevents secure usage (you can find the full report at http://cups.cs.cmu.edu/soups/2008/proceedings/p117Falk.pdf).
No one is completely safe.
Fortunately, there’s a clear path of action for merchants that can help prevent compromise of payment card data. The Payment Card Industry Data Security Standard is the authorized program of goals and associated security controls and processes that keep payment card data safe from exploitation. The standard is often called by its acronym PCI DSS or PCI.
This standard was created to help payment card industry organizations that process card payments prevent credit card fraud by increasing controls around data and reducing its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands. Meeting the standard includes deploying multiple firewalls within the ecommerce system and separating the credit card database from other system processes.
As principal developer of the DOD EMALL eCommerce site, Partnet recognized the vulnerabilities of the system. In 2008, when the Defense Logistics Agency mandated that DOD EMALL be moved into a DISA enterprise data center, Partnet recommended that the ecommerce system network be redesigned to move toward PCI compliance. This was the first time the Department of Defense dealt with this commercial standard. Partnet […]