PCI Compliance Scanning & SAQ
Making compliance easy...

Sign up now and get your SAQ compliance certificate online quickly and easily for your merchant bank. Sign up now for both the SAQ Compliance certificate and your PCI Scan Compliance certificate.

PCI SAQ Wizard


Our PCI Tools are from approved PCI scanning vendors and approved PCI Quality Security Assessors!

Small Business PCI Compliance SAQ Assistance Wizard

If you are a small company with under 20,000 transactions annually, you will most likely fall under category four compliance. Depending upon how you process your credit cards, you may not be required to undergo penetration testing, which involves scanning your servers for over 3000 known vulnerabilities.

In that case you may only need to comply with the regulations by conforming to the SAQ (Self Assessment Questionnaire). This involves ensuring your internal processes are secure and that credit card data cannot get into the hands of criminals.

To see if you already comply with the regulations, the first step is to undertake the SAQ and work through the stages to see if you are compliant, or if you need to go further and have PCI Scanning take place on your servers to ensure these are secure from hackers and cyber criminals. (more...)

PCI Scanning and Penetration Testing

The Approved Scanning Vendors (ASVs) are controlled by the PCI Security Standards Council, who regulate this industry. If your company takes credit cards online through your own website, where you process card payments online, you will need to prove that your servers are PCI Compliant and are hacker proof.

This is where PCI Scanning takes place: during the scanning process over 3000 known vulnerabilities are checked for, and any detected problems are highlighted with detailed instructions about the nature of the security threat and the best way to resolve the issues.

PCI Scanning can be done by anyone who has the technical skills, namely the system administrator for the servers, who would have a working knowledge of (commonly) Linux or Windows (or another hosting environment) and would be able to work through the issues flagged. This often means setting firewalls correctly, blocking open ports, or setting up Secure Sockets Layer (SSL) certificates, which ensure data is encrypted. (more...)

Approved Scanning Vendors (ASV)

Approved scanning vendors are the companies which are regulated by the PCI Security Standards Council, the governing body for online payments. The Approved scanning vendors supply scanning services to merchants to ensure their servers are secure and hacker safe.

It is very important, if you are accepting credit cards online, to ensure your servers are PCI compliant; otherwise you could very well be risking your customers' card details and, just as seriously, find yourself hacked with your clients' data lost, causing your company great harm.

There are many breaches of security, and depending on your business model such events can ruin your company's online reputation. (more...)

PCI SECURITY STANDARDS COUNCIL - PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements for enhancing payment account data security, developed by the founding payment brands of the PCI Security Standards Council. The PCI DSS is a group of principles and requirements, and its specific elements are organized under the following headings:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

    More information regarding these regulations can be found HERE. (more...)

    What Is PCI Compliance?

    PCI DSS stands for the Payment Card Industry Data Security Standard. PCI compliance is a set of regulations for companies who accept credit card payments.

    Companies are required to conform to these regulations to ensure that sensitive card data is not compromised by their systems and servers. This ensures the Internet and shopping online is secure and reduces the number of fraudulent transactions.

    These regulations could also be considered best practice for all online companies, to ensure they do not expose themselves to unnecessary risks. Even if they are not taking online payments, they could still benefit by ensuring security vulnerabilities are eliminated and their data is safe from being hijacked.

    Stopping Browsers From Storing Credit Card Or Sensitive Data In Online Forms

    Despite being PCI compliant, there is another security issue you should be aware of if you are asking customers to enter sensitive credit card data or other information into online forms.

    Most modern browsers have a 'feature' which stores the details of data that has been entered into online forms; by simply pressing the down arrow, one is able to see details previously entered into such forms. Take this example:

    (more...)

    Where to Find Qualified Security Assessors (QSAs)?

    All businesses that sell goods on the internet must obtain a merchant service account. These accounts are issued by banks and other reputable financial institutions. If a client is granted an account, the bank will process all of the company's online credit card transactions for a fixed commission fee.

    Since online businesses are far riskier than traditional ones, banks require all new merchant websites to pass a series of security tests. The first and most common validation tool is called a Self-Assessment Questionnaire (SAQ).

    The standard SAQ was designed to ensure that a company is complying with the Payment Card Industry Data Security Standard (PCI DSS). In short, the bank wants to make certain that customers' credit card information is safe and cannot be accessed by internet criminals. Then there are Qualified Security Assessors (QSA). (more...)

    How to Protect your Servers from Attacks and Hackers?

    For any company that has a server-based network, internet security should be a top priority. It is simply not enough to rely on anti-virus software or basic security features anymore. Yes, we know, businesses must cut costs and improve efficiency to make a profit. But when it comes to internet security, the more you have the better.

    Of course, it does not have to cost you an arm and a leg to protect your server. What it does mean, however, is that you must remain vigilant. You must make certain that you are using the right combination of security software and features to protect your servers.

    Where to begin? All servers have built-in security features. Unfortunately, most businesses don’t utilise them because they don’t know how. As a result, they purchase a bunch of expensive software patches to do the same job at double the price. The solution? Hire a professional to configure your server's security settings. It will save you quite a bit of money in the long run. (more...)

    Why all Online Payment Gateways Require PCI DSS Compliance!

    The Payment Card Industry Data Security Standard is a set of continually evolving requirements designed to maintain a secure environment for all companies that process credit card information on the internet. PCI DSS compliance is a must for businesses that have a merchant service account or are preparing to apply for one.

    Why is compliance so important? As you may know, identity fraud and theft is a growing problem on the internet. Of particular concern to online merchants and the banks that back them is the theft of credit or debit card information that is transmitted or stored. As we mentioned, PCI compliance is an attempt to prevent theft.

    But sometimes even the best security measures are not enough. Fortunately, if and when theft occurs, sites that are PCI compliant are not held financially responsible. However, if the website is not PCI compliant at the time of the theft, the bank that backs them will receive fines of at least five thousand pounds for each violation. These fines will then be passed on to the merchant in the form of higher transaction fees. The bank may also choose to terminate the account of the violator. (more...)

    PCI DSS Compliance for Small Businesses

    Every company that sells goods or services on the internet must be PCI DSS compliant. The acronym stands for Payment Card Industry Data Security Standard. What is it? In short, these standards were designed to protect consumers from internet thieves who steal credit card information from unprotected websites. PCI Data Security Standard must be abided by or heavy fines may be assessed.

    In this article we will discuss the PCI DSS requirements for small businesses. Though the standards are not quite as rigorous for them, it is every bit as important that they maintain compliance. After all, a small company is subject to the same fines as a large one if they fail to meet the requirements.

    The first thing a small business owner must do to satisfy PCI standards is to identify the Self Assessment Questionnaire (SAQ) that is appropriate for his business. The SAQ is a simple validation tool which when properly used will ensure PCI compliance. (more...)

    Is PHP More Secure Than Other Languages Such as .NET?

    Web-based languages are necessary for creating home pages and for more complex ecommerce solutions. In this article we will discuss two of the most popular web languages, PHP and .NET. Recent industry surveys confirm that PHP is now the language of choice for more than twenty million domains. This puts .NET at a distant third, after PHP and Perl.

    How has PHP become so popular so fast? After all, .NET is a Microsoft language that is famous for its speed. Even so, webmasters all around the world continue to recommend PHP over .NET. One reason for its unprecedented success is that it is compatible with Linux, Apache, MySQL and PHP (LAMP), a web server platform that has been installed on over half of the world's websites. This popular web server can be downloaded for free from the secure Apache website, and PHP works well with it.

    Not surprisingly, financial concerns are the key when it comes to any debate about which language is better, .NET or PHP. After all, the cost of owning and running .NET on Windows is considerably higher than the cost of running PHP on LAMP. (more...)

    How to Prevent Brute Force Attacks?

    What is a brute force attack? No, it has nothing to do with physical aggression. Rather, it is a technique utilised by internet criminals and hackers to gain access to encrypted data. These sorry reprobates rely on this method to gain access to confidential information, specifically credit card data.

    How can a website block them? The software that hackers use to gain access to your system is really quite simple. Basically, it will continue to guess passwords and usernames until it cracks the codes. If they do manage to identify your codes and gain access, hackers will be able to review sensitive information such as email and FTP accounts.

    The technique is called brute force because they are essentially forcing their way into your system after hundreds, even thousands of attempts. The dreaded dictionary based attacks rely on automated scripts and can guess thousands of common usernames each hour. (more...)

    Free PCI Scanning, Is It Worth It?

    When a business makes the decision to sell goods or services on the internet, it must obtain a merchant service account from a bank or financial institution. But before a company can be approved, it must demonstrate that it has a secure website that can protect the financial information of its customers from internet criminals.

    The Payment Card Industry Data Security Standard (PCI DSS) was designed to ensure that companies can fulfill their obligation to their customers. In this article we will discuss one important component of the security validation process, the PCI scan.

    But before we begin, it is important to note that not all online merchants are required to pass a scan. In fact, only businesses that have external-facing IP addresses must complete one. For those that do not speak techno babble, this simply means that if you store or save cardholder information of any kind on your servers, your website must submit to a scan. These scans must be administered by an Approved Scanning Vendor (ASV). But do not fret: there is free PCI Scanning available on the internet; however, you will soon be asked to pay for the service, and often these charges are much higher than those of the so-called non-free services. (more...)

    How to Become PCI Compliant?

    In response to the marked increase in identity fraud and theft on the internet, the Payment Card Industry Security Standards Council (PCI SSC) was formed in 2006.

    Shortly thereafter, they introduced a set of basic requirements that all online merchants must follow. These rules are known as the Payment Card Industry Data Security Standard (PCI DSS).

    How does it work? Well, when a company makes the decision to sell goods or services on the internet, they must apply for a merchant service account. These accounts are typically granted by banks or other financial institutions. But since these institutions are held financially responsible for the actions of their clients, they must ensure that all merchant websites are secure. The tool that they use to accomplish this is the PCI DSS. (more...)

    Finding Help With Your PCI DSS Compliance Process

    Every business that accepts credit or debit card payments on the internet must be PCI DSS compliant. The actual acronym stands for Payment Card Industry Data Security Standard. In short, it is a set of requirements that were designed to protect online consumers from identity fraud and theft.

    As these crimes have grown increasingly common, the PCI standards have become quite rigorous, not to mention the fines and penalties that can be assessed when a business fails to comply with PCI DSS.

    What can they do? When a company violates these basic rules, the bank or financial institution that granted them a merchant service account will be hit with a series of fines. These fines will then be passed on to the account holder in the form of higher transaction fees. The bank may also decide to terminate the account if the risk of future fines is too high. (more...)

    Why You Should Validate Your Data in Online Forms!

    Form management is an important consideration for any company that sells goods or services on the internet. Basic HTML forms are used to collect customer information, forward it by e-mail or to send a simple auto response. In this article we will discuss the best form management solutions for online companies.

    What should you look for? For starters, a company should select a form processor that accepts any web-based form that is submitted to it. It is also advisable to avoid a hosted solution. Rather, a form processor that is installed on the website and includes complete application scripts is the preferred solution.

    How about features? Form processors can help your company process surveys, order forms, reservation forms, and contact forms. They are especially helpful for both new and established companies that collect customer feedback from their sites but worry about escaping data. Let us take a moment to review a few of the most common form management features. (more...)

    How to Protect Your Applications Against SQL Injection Attacks?

    With internet fraud and theft on the rise, companies that sell goods and services online are expected to update their security software and features frequently. In fact, there is a set of strict rules and regulations called the PCI DSS that all internet sellers must abide by. In this article we are going to discuss a common technique of internet thieves called the SQL injection attack. SQL stands for Structured Query Language. It is a common set of commands that can be used by hackers to exploit the security vulnerabilities of a database. These attacks often occur when an application uses SQL statements to connect to the company's database. Unfortunately, most current security programs cannot protect the database from SQL attacks.

    What is the point? Once an unscrupulous user has gained access to your database, he is free to execute whichever commands he wants. And when it comes to the typical internet thief, he will be looking for financial and personal information, such as credit card and social security numbers.

    There are three common vulnerabilities that make your database more susceptible to these attacks. They include: weak input validation code, no type-safe parameters, and no restrictions on database logins. Fortunately, there are several things that a business can and should do to protect its clients. (more...)
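The three weaknesses listed above, shown side by side in an added example that is not part of the original article: a lookup that splices user input into the statement, beside one that binds a type-safe parameter and uses a read-only database connection. The customer table, its rows, and the tautology input are constructed for the demonstration.

```python
import os
import sqlite3
import tempfile


def create_db():
    """Create a temporary SQLite file with constructed sample rows and return its path."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [("alice@example.com", "1234"), ("bob@example.com", "5678")],  # constructed data
    )
    conn.commit()
    conn.close()
    return path


def lookup_vulnerable(path, email):
    # Weakness 1: no input validation, and the value is spliced into the statement text,
    # so anything the caller types is parsed as SQL.
    conn = sqlite3.connect(path)
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    try:
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


def lookup_hardened(path, email):
    # Fix for weakness 2: a type-safe parameter. The driver binds the value separately,
    # so it can only ever be compared as a string, never interpreted as SQL.
    # Fix for weakness 3: a restricted login. A lookup path gets a read-only connection
    # (SQLite URI mode=ro here; on a server database this would be a least-privilege account).
    conn = sqlite3.connect("file:%s?mode=ro" % path, uri=True)
    try:
        return conn.execute(
            "SELECT email, card_last4 FROM customers WHERE email = ?", (email,)
        ).fetchall()
    finally:
        conn.close()


def can_write_read_only(path):
    """True if an UPDATE succeeds over the read-only connection (it should not)."""
    conn = sqlite3.connect("file:%s?mode=ro" % path, uri=True)
    try:
        conn.execute("UPDATE customers SET card_last4 = '0000'")
        conn.commit()
        return True
    except sqlite3.OperationalError:  # "attempt to write a readonly database"
        return False
    finally:
        conn.close()


def demo():
    """Run both lookups on the same tautology input; returns (leaked rows, safe rows, writable)."""
    path = create_db()
    try:
        tautology = "x' OR '1'='1"  # constructed input that makes the spliced WHERE clause always true
        leaked = len(lookup_vulnerable(path, tautology))  # every customer row comes back
        safe = len(lookup_hardened(path, tautology))      # no customer has that literal email
        return leaked, safe, can_write_read_only(path)
    finally:
        os.remove(path)
```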

    How to Prevent Cross-site Scripting (XSS) Attacks?

    Cross-site scripting (XSS) attacks are a common tool of internet thieves, who introduce malicious scripts in order to get access to a private database or server. Once inside, a hacker can steal private customer information, such as social security and credit card numbers. Many companies have lost clients, as well as their merchant service accounts, because they failed to take the necessary steps to protect their customers from XSS attacks.

    Where to begin? The only effective way to prevent an attack from a hacker is to make certain that your system is not vulnerable to XSS attacks. It is also important to know which tricks and stratagems these thieves employ. Let us take a moment to review them.

    The easiest and most reliable way for a hacker to gain access to a secure site is to send an email to a current customer that includes an attractive offer. This is commonly called phishing, and if the customer bites by clicking on the link, the hacker can monitor his movements, including when he enters his user ID and password. At that point, the thief will have all he needs to enter a secure system and retrieve whatever confidential information he wants. (more...)

    Being Hacked is Like Having Your Home Broken Into!

    According to a recent report, internet thieves in the UK committed over 3.6 million cybercrimes in 2008. But for some strange reason the public does not seem all that concerned about the sharp rise in internet crime. Perhaps this is because they believe cybercrime is something that only happens to large corporations. After all, most users do not have much to steal, so why would a hacker waste his time with them?

    Well, it does make sense. Unfortunately, it is also wrong. Statistics show that petty crime on the internet is on the rise. In the last five years there has been a 207 percent increase in identity theft and fraud. Why is this happening? There are a number of reasonable explanations.

    For one thing, we must consider public complacency. The popular misconception that hackers only go after the big fish has resulted in easy pickings for internet criminals. After all, hacking into a bank and stealing fifty-thousand pounds is extremely challenging and even the most adept cybercriminals are often caught. But pilfering one or two thousand pounds from a clueless online shopper is a cinch for most virtual thieves. How can you protect yourself from being hacked? (more...)

    How to Protect Your FTP Details?

    Password protected pages are used by online businesses that need to guard sensitive information that can only be accessed by specific members. The average internet user will encounter a password protected page whenever he wants to pay an online bill, download current software or enter a restricted section of his favourite website. In this article we are going to discuss password protected pages and their importance to FTP.

    What is it? FTP stands for file transfer protocol. In short, it is a procedure that is used to transfer data from one computer to another. FTP lets companies sell software, images, music or documents on the internet. As you might expect, these wares must be protected by a password page or people would simply download them for free.

    What do you need to know? Like software and virus checkers, a password page can only be run if your website and system meets the requirements. For starters, you must own the domain name and run the site yourself. It must also be on an Apache based web server. Lastly, you must have FTP access. (more...)

    What is a BOT NET?

    The internet is a dangerous place these days. Not only is identity theft and fraud on the rise, but there are worms and viruses that can infect almost any computer at any time. In this article we are going to talk about one of the most serious infections on the internet today, BOT NET.

    They are called bots, short for robots, because they are computer networks that have been taken over and can be controlled by malware programs. Once a computer has become infected and is under the control of an internet thief, it can be used for any number of illegal activities. Occasionally, the hacker will use your computer to attack businesses and steal financial information from internet shoppers. Then when the virtual spoor has been traced, the authorities will track down the computer owner and place him under arrest.

    At that point, it will be up to the computer owner to prove that he had no knowledge of the crimes that were being committed with his personal computer. You might think that only a fool could be caught in such a predicament, but Bot Net programs are really rather sophisticated. Most of them will only start working once the user has logged off, so as not to alert the user that his computer is infected. (more...)

    What Measures Can You Take to Protect your PC?

    Since the advent of the internet, cybercrime has been on the rise. But it is only in the last few years that it has become a full-blown epidemic. According to a recent report, online banking fraud has increased by an astonishing 132% in the UK. Losses now total 55 million pounds, compared with just 22 million pounds in the previous year.

    Why the staggering increase? Believe it or not, the principal reason that cybercrime is on the rise is that consumers are more confident than they've ever been when it comes to shopping and paying bills on the internet. That is why internet commerce is on the rise.

    Obviously, this confidence is unwarranted. Why then do people continue to believe it, even after they have seen the statistics? And why not protect your PC? Those are more difficult questions to answer. Perhaps it is because they believe that hackers only attack large online businesses and that they don’t waste their time chasing after a few thousand pounds. (more...)

    If your Server is Compromised Can it be Repaired or Should it be Rebuilt?

    Servers are one of the most important pieces of hardware for companies that do business on the internet. Often, these servers store personal and financial information of current customers. This makes them a prime target of internet thieves who make their living breaking into servers and stealing information. How can you tell that your server has been hacked?

    For a thief to gain access to your system, he must use either a virus or a worm. These programs typically disrupt the normal functions of your computer, which often manifests itself in a general slowdown of operations or intermittent freezes.

    If your computer demonstrates any of the common computer virus symptoms, it is important that you investigate right away. Begin by checking the log records. Are there multiple login attempts by users that you do not recognise? If there are, it may mean that your server has been compromised. Hackers may also create new user accounts, add .exe files, or disable the anti-virus. (more...)
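The log check described above, as an added example that is not from the original article: it parses sshd-style authentication lines, counts failed attempts per source address, and flags successful logins by accounts the administrator never created. The log lines, the list of known users and the threshold are all constructed assumptions for the demonstration.

```python
import re
from collections import Counter, defaultdict

KNOWN_USERS = {"alice", "deploy"}  # assumed: the accounts the administrator expects to exist
THRESHOLD = 3                       # assumed: flag a source address after this many failures

# Constructed sshd-style auth log (sample data, not from a real host; the IPs are documentation ranges).
SAMPLE_LOG = """\
Jan 10 03:14:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Jan 10 03:14:03 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51236 ssh2
Jan 10 03:14:05 web1 sshd[2201]: Failed password for invalid user oracle from 203.0.113.45 port 51240 ssh2
Jan 10 03:14:07 web1 sshd[2201]: Failed password for invalid user test from 203.0.113.45 port 51244 ssh2
Jan 10 08:02:11 web1 sshd[2310]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Jan 10 08:05:42 web1 sshd[2355]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Jan 10 08:05:50 web1 sshd[2355]: Accepted password for alice from 198.51.100.7 port 40100 ssh2
Jan 10 21:30:00 web1 sshd[2890]: Accepted password for backup2 from 203.0.113.45 port 52000 ssh2
"""

# Matches both "Failed password for invalid user X from IP" and "Accepted publickey for X from IP".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_auth_log(text):
    """Yield (result, user, ip) for every line that is an sshd login event."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("ip")


def review_logins(text, known_users=KNOWN_USERS, threshold=THRESHOLD):
    """Return findings worth investigating, in the order they are detected."""
    failures = Counter()              # failed attempts per source address
    unknown_names = defaultdict(set)  # unrecognised usernames tried from each address
    findings = []
    for result, user, ip in parse_auth_log(text):
        if result == "Failed":
            failures[ip] += 1
            if user not in known_users:
                unknown_names[ip].add(user)
        elif user not in known_users:
            # A successful login by an account nobody created is the strongest sign of compromise.
            findings.append(("unknown account logged in", ip, user))
    for ip, count in failures.items():
        if count >= threshold:
            findings.append(("repeated failed logins", ip, count, sorted(unknown_names[ip])))
    return findings


if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOG):
        print(finding)
```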