PCI COMPLIANCE

December 16th, 2008

This article and its information were taken from an article in Website Magazine, the Magazine for Website Success. All credit is due to and belongs to them. Thank you, the Revolution Web Studios Team.

The face of e-commerce is about to change in a big way. In the coming months, the payment card industry begins enforcing the PCI Data Security Standard (PCI DSS), the standard for security practices at companies that handle card payments online. Whether you are an online merchant, webmaster or Web host, it is vital to understand the fundamental requirements of the PCI DSS to keep your business and your clients from incurring stiff penalties.

The Payment Card Industry Data Security Standard

PCI DSS was developed by the founding brands of the PCI Security Standards Council: American Express, Discover, JCB, MasterCard and Visa. The PCI Council established the standard to protect cardholder information. As a vendor, it is critical that you are not only aware of the requirements, but also understand the tools and practices available to remain in compliance with them.

The Need to Comply

PCI DSS provides a comprehensive set of requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

The standard published by the PCI Council can be used to help build the security policies and structure for the enterprise, for data centers and for your customers. It should be treated as a best-practices guide to implement and follow.

Even though the PCI Council manages the underlying security standard, compliance programs and enforcement are set independently by the individual card brands. Each brand has its own set of penalties, which can range from $8 per compromised account to more than $158,000 per incident, with additional sanctions ranging from restrictions on card acceptance to outright loss of it.

PCI DSS Requirements

The PCI DSS has twelve major requirements, grouped under six goals:

Build and Maintain a Secure Network

  • 1. Install and maintain a firewall configuration to protect cardholder data.
  • 2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

  • 3. Protect stored cardholder data.
  • 4. Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program

  • 5. Use and regularly update anti-virus software.
  • 6. Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

  • 7. Restrict access to cardholder data by business need-to-know.
  • 8. Assign a unique ID to each person with computer access.
  • 9. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

  • 10. Track and monitor all access to network resources and cardholder data.
  • 11. Regularly test security systems and processes.

Maintain an Information Security Policy

  • 12. Maintain a policy that addresses information security.

In June 2008, the PCI Council added Appendix A, "PCI DSS Applicability for Hosting Providers." In a nutshell, all service providers with access to cardholder data (including hosting providers) must adhere to the PCI DSS. In addition, Requirement 2.4 states that shared hosting providers must protect each entity's hosted environment and cardholder data. Hosting providers must therefore give special consideration to the following.

A.1 - Protect each entity's (that is, merchant, service provider, or other entity) hosted environment and data, as in A.1.1 through A.1.4:

A.1.1 - Ensure that each entity only has access to its own cardholder data environment.

A.1.2 - Restrict each entity's access and privileges to its own cardholder data environment only.

A.1.3 - Ensure logging and audit trails are enabled and unique to each entity's cardholder data environment and consistent with PCI DSS Requirement 10.

A.1.4 - Enable processes to provide for timely forensic investigation in the event of a compromise to any hosted merchant or service provider.

A hosting provider must fulfill these requirements as well as all other relevant sections of the PCI DSS. Note: Even though a hosting provider may meet these requirements, the compliance of the entity that uses the hosting provider is not necessarily guaranteed. Each entity must comply with the PCI DSS and validate compliance as applicable.

Besides being good security practice, providing the procedures, processes and tools to meet these requirements can be a competitive advantage for a Web hosting company: it differentiates your services from your competitors' and entices e-commerce companies to host their sites with you.

Application Security

Requirement 6.6 was a best practice in earlier releases of PCI DSS and is now mandatory. It requires that public-facing Web applications be protected against known attacks by one of two methods: reviewing the applications with manual or automated application vulnerability assessment tools or methods, at least annually and after any change, or installing a Web application firewall in front of them. Over the years hosting companies have become very good at protecting networks and operating systems from attack, while the applications running on them have been left vulnerable. Attackers now use SQL injection and path traversal to get at applications and the sensitive data behind them.
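The two attacks just named, shown as an added example that is not from the article or from Applicure. The Python code below (its customer table, document root and secret file are all constructed for the demonstration, and the schema is hypothetical) puts the vulnerable form of each next to the fix a code review under Requirement 6.6 would ask for: a parameterized query instead of string-built SQL, and a canonicalized path checked against the document root instead of a raw join.

```python
import os
import sqlite3
import tempfile

# Constructed sample data standing in for a merchant's customer table.
# The schema and the tokens are hypothetical; no real card data appears.
CUSTOMERS = [
    (1, "alice", "tok_4111"),
    (2, "bob", "tok_5500"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, card_token TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", CUSTOMERS)
    return conn


def lookup_vulnerable(conn, name):
    """SQL injection: the user-supplied name is spliced into the SQL text,
    so a name of  ' OR '1'='1  turns the WHERE clause into one that is always true."""
    sql = "SELECT name, card_token FROM customers WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Fix: pass the name as a bound parameter; it is data, never SQL syntax."""
    sql = "SELECT name, card_token FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def read_vulnerable(docroot, requested):
    """Path traversal: the requested name is joined to the docroot unchecked,
    so  ../config.ini  walks out of the document root."""
    with open(os.path.join(docroot, requested), "rb") as f:
        return f.read()


def read_safe(docroot, requested):
    """Fix: resolve the final path (symlinks and .. included) and refuse
    anything that does not stay under the document root."""
    root = os.path.realpath(docroot)
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("request escapes document root: %r" % requested)
    with open(target, "rb") as f:
        return f.read()


def demo():
    """Run both attacks against the vulnerable and the fixed code; return what happened."""
    conn = make_db()
    payload = "' OR '1'='1"
    results = {
        "sqli_vulnerable_rows": len(lookup_vulnerable(conn, payload)),  # every row leaks
        "sqli_safe_rows": len(lookup_safe(conn, payload)),              # no such customer
    }
    with tempfile.TemporaryDirectory() as tmp:
        docroot = os.path.join(tmp, "htdocs")
        os.mkdir(docroot)
        with open(os.path.join(docroot, "index.html"), "wb") as f:
            f.write(b"<h1>shop</h1>")
        # A constructed secret placed one level above the docroot.
        with open(os.path.join(tmp, "config.ini"), "wb") as f:
            f.write(b"db_password=hunter2")
        results["traversal_vulnerable"] = read_vulnerable(docroot, "../config.ini")
        try:
            read_safe(docroot, "../config.ini")
            results["traversal_safe_blocked"] = False
        except PermissionError:
            results["traversal_safe_blocked"] = True
        results["safe_normal_read"] = read_safe(docroot, "index.html")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The point of the path check is that it is made on the resolved path, after the operating system has applied every `..` and symlink; testing the raw string for `..` would be bypassed by encodings and alternate separators, which is exactly the gap a signature-only filter leaves open.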

Application security is an area over which hosting companies have little or no control, since the code belongs to the customer. Once these attacks succeed, and they do, expenses and man-hours mount as Web hosts deal with customer complaints. The second of the two options for Requirement 6.6 is to install an application-layer firewall, known as a Web Application Firewall (WAF), in front of Web-facing applications; a WAF inspects requests for known attack patterns before they reach the application. One example of a WAF is Applicure's dotDefender, which works well for hosting companies, as it supports dedicated, shared and virtual environments running either Windows IIS or Apache on Linux. Keep in mind that a WAF filters known attack patterns rather than fixing the vulnerable code behind it, so the application still has to be developed and maintained securely under Requirement 6. Offering a WAF to clients gives them a recognized way to meet Requirement 6.6, brings additional revenue to Web hosts, and reduces customer-care calls about hacking attacks.
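A minimal illustration of what a WAF does in front of such an application, added here as an example; it is not dotDefender's code or any product's rule set. The request lines are constructed, the two signatures are deliberately small, and the last request shows why signature filtering is a compensating layer rather than a fix: a variant the rules do not recognize passes through.

```python
import re
from urllib.parse import unquote, urlsplit

# Two constructed signatures, one for each attack the article names.  A real
# WAF rule set is far larger; these are only enough to show the mechanism.
RULES = [
    ("sql-injection",
     re.compile(r"'\s*(or|and)\s*'?\w*'?\s*=|union\s+select|;\s*drop\s", re.I)),
    ("path-traversal",
     re.compile(r"(^|[/=&])\.\.(/|$)")),
]


def normalize(text):
    """Undo the encodings attackers use to hide a payload from a naive matcher.

    Percent-decoding is applied twice so that double-encoded input such as
    %252e%252e (-> %2e%2e -> ..) is seen in its final form, and backslashes
    are folded to forward slashes so an IIS-style "..\\" looks like "../".
    """
    for _ in range(2):
        text = unquote(text)
    return text.replace("\\", "/")


def inspect(request_line):
    """Return ("allow", None) or ("block", rule_name) for one HTTP request line."""
    method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    path, query = normalize(parts.path), normalize(parts.query)
    for name, pattern in RULES:
        if pattern.search(path) or pattern.search(query):
            return ("block", name)
    return ("allow", None)


# Constructed request lines, as a front-end WAF would see them.
REQUESTS = [
    "GET /products?id=42 HTTP/1.1",
    "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1",   # ' OR '1'='1
    "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1",       # ../../etc/passwd
    "GET /download?file=%252e%252e%2fconfig.ini HTTP/1.1",      # double-encoded ../
    "GET /search?q=union%20station HTTP/1.1",                   # benign, must pass
    "GET /products?id=42%20OR%201%3D1 HTTP/1.1",                # 42 OR 1=1: no quotes, not in the rules
]


def audit(requests=REQUESTS):
    """Run every request through the filter and return (request, verdict, rule) triples."""
    return [(r,) + inspect(r) for r in requests]


if __name__ == "__main__":
    for request, verdict, rule in audit():
        print("%-5s %-15s %s" % (verdict, rule or "-", request))
```

The decoding step is the part worth copying: a filter that matches on the raw request string is trivially evaded by percent-encoding, and one that decodes only once is evaded by encoding twice. The final request, a numeric-context injection with no quote character, is blocked by nothing here, which is why Requirement 6.6 pairs the firewall option with application assessment rather than treating it as a substitute for secure code.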

The penalties for not following the PCI DSS are significant and should not be ignored by any company accepting credit cards online or by any company providing supporting services, such as Web hosting. That said, gaining compliance is relatively straightforward and could prove to be a competitive advantage if used creatively.

Article written by Josh Ewin who is VP of Sales and Marketing for Dedicated and Andy Mahler who is Director, Business Development for Applicure.

Article copied and presented by Jeremy Thompson (jeremy@revolutionwebstudios.com) who is CEO of Revolution Web Studios LLC.

Online Advertising Will Thrive in Weak Economic Times

October 14th, 2008

Here is a great article from Chris at SmallBusinessNewz.com that, in my opinion, is proof that the online business economy is different from the physical business economy. Read what Chris has to say.

Are You Advertising a Need?

If you’ve been reading SmallBusinessNewz for a while, you may recall an article I wrote earlier this year about branding a need. The basic point of this was that one effective advertising strategy is to make potential customers realize that they have a need, and that your product is the solution to that need.

I was reminded of this again today as I read an article by Svetlana Gladkova at Profy who talked about online advertising, and how it will be affected as our economy worsens. She provides a very thought-provoking analysis on the subject, comparing it to what advertising was like in the great depression.

Surprisingly to some of us who weren’t around back then, advertising actually did pretty well according to Gladkova:

There were quite a number of examples of successful brands during the Great Depression, including Chevrolet cars, Camel cigarettes and Procter & Gamble (which gave birth to the phenomenon of the soap opera during those hard times). And all of them relied heavily on advertising because they realized that they needed advertising to create and maintain brand loyalty. They simply pretended there was nothing particularly wrong with the economy and consumers still had money to spend - and this proved to be the right approach for them.

We should also keep in mind that advertising is one of the measures to demonstrate to consumers that the company is healthy. After all, not all the consumers have a daily habit of tracking stock market behavior to know what’s going on - yet when they see a company spending money on advertising, they think everything is fine with the company.

Contrary to what some might think, online advertising is still doing pretty well. Spending is up 15.2% in the United States according to the Interactive Advertising Bureau and PricewaterhouseCoopers. In the United Kingdom, it’s up 21%.

Even though there has been a lot of news recently about layoffs in Internet companies, ad sales are still growing, as iEntry CEO Rich Ord points out. The bottom line is that online advertising is not likely to show any major drop-off in the foreseeable future. If anything, I think it will continue to grow, particularly as online video continues to grow in popularity and Google seems determined to expand its advertising efforts all the time.

Online advertising is a global medium and lets businesses reach global audiences, and targeted ones at that. How many other forms of advertising are as effective in either of these categories? When it comes to a weak economy, it is just important to note that people’s “needs” may change.

About the author:
Chris is a content coordinator and staff writer for SmallBusinessNewz and the iEntry Network. Subscribe to SmallBusinessNewz RSS Feeds.

Looks Aren’t Everything (But They Sure Don’t Hurt)

September 22nd, 2008

Welcome to the world of Revolution Web Studios. We are a custom interactive website builder for small to medium-sized businesses like yours.

I hope you find this blog post not only helpful but also a gateway to a stronger online presence for your services and products. I want to share with you some thoughts about what your business website could be doing to your business, and most of all to your bottom line.

What does your site look like? If it isn’t pleasing to the eye, then most vision-weary web surfers will go for the mouse and click away fast. There are a lot of visual turn-offs you have to consider in having your website developed.

A successful web site combines appealing looks with meaty but relevant content that keeps potential customers exploring your site. The longer they stay in your domain, the more likely they are to buy! We at Revolution Web Studios call this "stick-ability".

Follow these helpful tips for hanging your web site in the stratosphere of success.

  • Go easy on the graphics. Sure, images and Flash presentations look great, but in most browsers a graphics-heavy page takes a long time to load, and buyers won't hang around to wait when there are plenty of other options available. Business websites that are Flash-intensive can also hurt your business's search engine ranking.
  • Choose a font style that's easy to read. If you're selling a book on relationships, putting all your web copy in Edwardian Script ITC will not get the romance juices flowing. It will, however, cost you sales. Make it clear and easy to read. If it is easy to read and follow, then it is easy to understand.
  • Teach your customers and website visitors something. Provide more than just thrilling monologues about how great your product is. Write articles on your topic or reprint articles from internet databases. After spending half an hour reading through exciting and informative pieces on your topic, visitors will want to learn more. Some will also be willing to contact you directly to get the information they need, which in turn leads to more sales.
  • Your website should not be purely informational. Business websites should be relational as well: a healthy balance of informing visitors and giving them a way to connect with you.

 

Hopefully this blog post has caused you to ponder what your website is doing and what it could do to increase your business, to help you get the bottom line that makes business better and life happier. In this day and age, people judge the quality of your business by the quality of your business website.

 

Please feel more than free to contact us with any questions or requests for more information. Stop by our website to sign up for a free Search Engine Optimization Report or a Free Website Design Quote for your business.

 

By Jeremy Thompson 

About the poster: Jeremy Thompson is an Interactive Web & E-Commerce Consultant for Revolution Web Studios, consulting on web technologies for small business. You can reach him via email at Jeremy @ revolution web studios dot com.