Increase the security on your AbleCommerce store by NOT using known email addresses for administrative user names. This makes it even more difficult for a hacker to breach your account as they would have to guess both your user name and your password. This also prevents a hacker from requesting a lost password email for an [...]
We recently phoned over 300 small merchants regarding their current solution and PCI compliance. We found that most are not worried about PCI compliance (your data). Most have adopted a wait-and-see attitude towards PCI compliance… wait until they see Visa actually put some teeth on their mandates. The editor of Practical eCommerce goes even further stating [...]
We typically won’t openly rant about our competition. However, we are hearing so many half-truths and so much misleading information from potential customers about other shopping cart systems claiming to be compliant, certified, or that their PA-DSS certification is coming soon… incidentally, our certification took over a year to complete. We’re frankly shocked that, given 5 years’ notice on the July 1st deadline, only a dozen [...]
As part of PCI compliance you are required to test your network on a regular basis. PCI DSS Requirement 11: Regularly test security systems and processes. There are a lot of vendors listed on the Approved Scanning Vendors list, but the sole standout is McAfee Secure, which was originally a Scan Alert product called ‘Hacker Safe’ and was rebranded ‘McAfee [...]
Here’s just the facts without the snazzy video. Build and Maintain a Secure Network: Requirement 1: Install and maintain a firewall configuration to protect cardholder data; Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters. Protect Cardholder Data: Requirement 3: Protect stored cardholder data; Requirement 4: Encrypt transmission of cardholder [...]
Frankly we’re shocked to see only a dozen ecommerce vendors take it seriously and become certified. It will be interesting to see how all this plays out over the next few months. What will the fines be? What happens when an application is decertified?