Welcome!

News Feed Item

Xtraordinary Urges Small Businesses to Ensure PCI DSS Compliance This Christmas

EDINBURGH, Scotland, December 6, 2012 /PRNewswire/ --

With online shopping expected to top £5bn this Christmas, UK-based cloud hosting provider Xtraordinary is reminding British small businesses to review how they are processing, storing or transferring customer card data.

1st December 2012 was the deadline set by Streamline, the UK and Europe's largest card processor, for small and micro businesses to ensure they are Payment Card Industry Standard (PCI DSS) compliant.

PCI DSS is a set of mandatory card security protocols, created by a coalition of the major credit card companies, including Visa, MasterCard and Amex. Whilst compliance is not a legal obligation, online traders wishing to handle credit or debit card details are required to achieve PCI DSS compliance as part of their merchant agreement with card vendors and processors.

Andrew Ogilvie, Managing Director of Xtraordinary Hosting, says: "Non-compliance may be met with fines, losses arising from fraud or negligence and ultimately a termination of the merchant agreement and the loss of customer confidence. There is also an increased risk from cybercrime attacks, which fundamentally PCI DSS compliance is designed to prevent. According to Verizon's 2012 Data Breach Investigations Report, 95% of breaches happen to retailers with less than 100 employees."

Retailers may have got used to handling and storing card data for a variety of purposes. Providing a simple "one-click" transaction process for returning customers means faster, easier sales and encourages repeat business. Card details may be held in case of refunds or chargebacks or at a simple level, many companies use card details as a means of identifying and verifying their customers (according to Ponemon Institute's 2011 PCI DSS Compliance Trends Study). Merchants may also be tempted to keep card details for marketing purposes, in order to track previous purchases and prepare targeted promotions.

PCI Compliance prohibits companies from recording and storing the Card Verification Value (CVV2), three-digit number, on the reverse of cards.  If there is a security breach and retailers are found to be holding this data they leave themselves open to claims from card companies.

Andrew Ogilvie explains, "By doing any or all of these things many merchants, particularly small, medium and micro businesses, may not realise they are in breach of PCI Compliance."

Companies must sign up to regular vulnerability checks of their online security by an approved third-party vendor. However, there are another 200 additional sub-requirements to meet in order to pass compliance.

All of these conditions may require considerable investment in time and money by merchants.

Andrew Ogilvie says: "Retailers should ask themselves what sort of data they need to process and what, if any, they need to retain. If there is no legitimate reason to store card data then avoid it. It is worth ring-fencing systems that process transactions, which means not every part of a retailer's IT setup has to be compliant as it won't come into contact with card data. Retailers should also review which personnel come into contact with card and transaction data within their organisations. It should always be on an 'only if essential' basis, and all access to the data recorded.

"Perhaps the best advice of all for small retailers is not to have anything to do with processing card transactions at all. A third party payment gateway like Sagepay, Datacash, Worldpay or Barclay's ePDQ can deal with transactions. This may add to the expense of doing business online, but it also gives greater peace of mind. Retailers can concentrate on selling products on their website, and spend less time worrying about managing data."

While PCI Compliance may create a headache for many small firms, it is all about keeping customer data secure and minimising criminal threats to their business. However, PCI DSS compliance is not a cure-all and companies must remain vigilant against ever-changing cyber threats to their business.

Andrew Ogilvie adds: "It is very important when choosing a hosting provider that they fully understand PCI compliance, and can provide advice on security, system design, encryption, firewalling, patching, scanning and logging which are all required to stay compliant."

Notes to Editors

Xtraordinary Hosting http://www.xtrahost.co.uk

Successful dotcom entrepreneur Andrew Ogilvie founded Xtraordinary Hosting in 2001. It is a cloud hosting company, operating out of data centres in London and Edinburgh, which employs highly qualified, on-site technical teams, providing 24/7 support on critical issues.

The company offers a wide-ranging of IT services including secure Private and Public Cloud Hosting, Dedicated Servers, Managed Servers, Complex Managed Hosting and Application Hosting, which includes Magento eCommerce and Atlassian.

Xtraordinary operates in the City of London from the Interxion data centre, which it shares with over 200 financial services institutions, more than 15 liquidity venues and the major market data vendors.

For further information please contact Fin Robertson at Xtraordinary Hosting on +44(0)870-743-7408 or email [email protected]

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mistakes high" is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Le...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
DevOps tends to focus on the relationship between Dev and Ops, putting an emphasis on the ops and application infrastructure. But that’s changing with microservices architectures. In her session at DevOps Summit, Lori MacVittie, Evangelist for F5 Networks, will focus on how microservices are changing the underlying architectures needed to scale, secure and deliver applications based on highly distributed (micro) services and why that means an expansion into “the network” for DevOps.
Sanjeev Sharma Joins November 11-13, 2018 @DevOpsSummit at @CloudEXPO New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science" is responsible for guiding the technology strategy within Hitachi Vantara for IoT and Analytics. Bill brings a balanced business-technology approach that focuses on business outcomes to drive data, analytics and technology decisions that underpin an organization's digital transformation strategy.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
DXWorldEXPO LLC announced today that Ed Featherston has been named the "Tech Chair" of "FinTechEXPO - New York Blockchain Event" of CloudEXPO's 10-Year Anniversary Event which will take place on November 12-13, 2018 in New York City. CloudEXPO | DXWorldEXPO New York will present keynotes, general sessions, and more than 20 blockchain sessions by leading FinTech experts.
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Ben Perlmutter, a Sales Engineer with IBM Cloudant, demonstrated techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, faster user e...
In this presentation, you will learn first hand what works and what doesn't while architecting and deploying OpenStack. Some of the topics will include:- best practices for creating repeatable deployments of OpenStack- multi-site considerations- how to customize OpenStack to integrate with your existing systems and security best practices.
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science" is responsible for guiding the technology strategy within Hitachi Vantara for IoT and Analytics. Bill brings a balanced business-technology approach that focuses on business outcomes to drive data, analytics and technology decisions that underpin an organization's digital transformation strategy.
"Peak 10 is a national cloud data center solutions managed services provider, and part of that is disaster recovery. We see a growing trend in the industry where companies are coming to us looking for assistance in their DR strategy," stated Andrew Cole, Director of Solutions Engineering at Peak 10, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...