Click here to close now.


News Feed Item

Xtraordinary Urges Small Businesses to Ensure PCI DSS Compliance This Christmas

EDINBURGH, Scotland, December 6, 2012 /PRNewswire/ --

With online shopping expected to top £5bn this Christmas, UK-based cloud hosting provider Xtraordinary is reminding British small businesses to review how they are processing, storing or transferring customer card data.

1st December 2012 was the deadline set by Streamline, the UK and Europe's largest card processor, for small and micro businesses to ensure they are Payment Card Industry Standard (PCI DSS) compliant.

PCI DSS is a set of mandatory card security protocols, created by a coalition of the major credit card companies, including Visa, MasterCard and Amex. Whilst compliance is not a legal obligation, online traders wishing to handle credit or debit card details are required to achieve PCI DSS compliance as part of their merchant agreement with card vendors and processors.

Andrew Ogilvie, Managing Director of Xtraordinary Hosting, says: "Non-compliance may be met with fines, losses arising from fraud or negligence and ultimately a termination of the merchant agreement and the loss of customer confidence. There is also an increased risk from cybercrime attacks, which fundamentally PCI DSS compliance is designed to prevent. According to Verizon's 2012 Data Breach Investigations Report, 95% of breaches happen to retailers with less than 100 employees."

Retailers may have got used to handling and storing card data for a variety of purposes. Providing a simple "one-click" transaction process for returning customers means faster, easier sales and encourages repeat business. Card details may be held in case of refunds or chargebacks or at a simple level, many companies use card details as a means of identifying and verifying their customers (according to Ponemon Institute's 2011 PCI DSS Compliance Trends Study). Merchants may also be tempted to keep card details for marketing purposes, in order to track previous purchases and prepare targeted promotions.

PCI Compliance prohibits companies from recording and storing the Card Verification Value (CVV2), three-digit number, on the reverse of cards.  If there is a security breach and retailers are found to be holding this data they leave themselves open to claims from card companies.

Andrew Ogilvie explains, "By doing any or all of these things many merchants, particularly small, medium and micro businesses, may not realise they are in breach of PCI Compliance."

Companies must sign up to regular vulnerability checks of their online security by an approved third-party vendor. However, there are another 200 additional sub-requirements to meet in order to pass compliance.

All of these conditions may require considerable investment in time and money by merchants.

Andrew Ogilvie says: "Retailers should ask themselves what sort of data they need to process and what, if any, they need to retain. If there is no legitimate reason to store card data then avoid it. It is worth ring-fencing systems that process transactions, which means not every part of a retailer's IT setup has to be compliant as it won't come into contact with card data. Retailers should also review which personnel come into contact with card and transaction data within their organisations. It should always be on an 'only if essential' basis, and all access to the data recorded.

"Perhaps the best advice of all for small retailers is not to have anything to do with processing card transactions at all. A third party payment gateway like Sagepay, Datacash, Worldpay or Barclay's ePDQ can deal with transactions. This may add to the expense of doing business online, but it also gives greater peace of mind. Retailers can concentrate on selling products on their website, and spend less time worrying about managing data."

While PCI Compliance may create a headache for many small firms, it is all about keeping customer data secure and minimising criminal threats to their business. However, PCI DSS compliance is not a cure-all and companies must remain vigilant against ever-changing cyber threats to their business.

Andrew Ogilvie adds: "It is very important when choosing a hosting provider that they fully understand PCI compliance, and can provide advice on security, system design, encryption, firewalling, patching, scanning and logging which are all required to stay compliant."

Notes to Editors

Xtraordinary Hosting

Successful dotcom entrepreneur Andrew Ogilvie founded Xtraordinary Hosting in 2001. It is a cloud hosting company, operating out of data centres in London and Edinburgh, which employs highly qualified, on-site technical teams, providing 24/7 support on critical issues.

The company offers a wide-ranging of IT services including secure Private and Public Cloud Hosting, Dedicated Servers, Managed Servers, Complex Managed Hosting and Application Hosting, which includes Magento eCommerce and Atlassian.

Xtraordinary operates in the City of London from the Interxion data centre, which it shares with over 200 financial services institutions, more than 15 liquidity venues and the major market data vendors.

For further information please contact Fin Robertson at Xtraordinary Hosting on +44(0)870-743-7408 or email [email protected]

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
The Internet of Everything is re-shaping technology trends–moving away from “request/response” architecture to an “always-on” Streaming Web where data is in constant motion and secure, reliable communication is an absolute necessity. As more and more THINGS go online, the challenges that developers will need to address will only increase exponentially. In his session at @ThingsExpo, Todd Greene, Founder & CEO of PubNub, exploreed the current state of IoT connectivity and review key trends and t...
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessi...
Continuous processes around the development and deployment of applications are both impacted by -- and a benefit to -- the Internet of Things trend. To help better understand the relationship between DevOps and a plethora of new end-devices and data please welcome Gary Gruver, consultant, author and a former IT executive who has led many large-scale IT transformation projects, and John Jeremiah, Technology Evangelist at Hewlett Packard Enterprise (HPE), on Twitter at @j_jeremiah. The discussion...
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
In today's enterprise, digital transformation represents organizational change even more so than technology change, as customer preferences and behavior drive end-to-end transformation across lines of business as well as IT. To capitalize on the ubiquitous disruption driving this transformation, companies must be able to innovate at an increasingly rapid pace. Traditional approaches for driving innovation are now woefully inadequate for keeping up with the breadth of disruption and change facin...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound...
With all the incredible momentum behind the Internet of Things (IoT) industry, it is easy to forget that not a single CEO wakes up and wonders if “my IoT is broken.” What they wonder is if they are making the right decisions to do all they can to increase revenue, decrease costs, and improve customer experience – effectively the same challenges they have always had in growing their business. The exciting thing about the IoT industry is now these decisions can be better, faster, and smarter. Now ...
PubNub has announced the release of BLOCKS, a set of customizable microservices that give developers a simple way to add code and deploy features for realtime apps.PubNub BLOCKS executes business logic directly on the data streaming through PubNub’s network without splitting it off to an intermediary server controlled by the customer. This revolutionary approach streamlines app development, reduces endpoint-to-endpoint latency, and allows apps to better leverage the enormous scalability of PubNu...
I recently attended and was a speaker at the 4th International Internet of @ThingsExpo at the Santa Clara Convention Center. I also had the opportunity to attend this event last year and I wrote a blog from that show talking about how the “Enterprise Impact of IoT” was a key theme of last year’s show. I was curious to see if the same theme would still resonate 365 days later and what, if any, changes I would see in the content presented.
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Ben Perlmutter, a Sales Engineer with IBM Cloudant, demonstrated techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, faster user e...
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem"...
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ab...
In his General Session at DevOps Summit, Asaf Yigal, Co-Founder & VP of Product at, explored the value of Kibana 4 for log analysis and provided a hands-on tutorial on how to set up Kibana 4 and get the most out of Apache log files. He examined three use cases: IT operations, business intelligence, and security and compliance. Asaf Yigal is co-founder and VP of Product at log analytics software company In the past, he was co-founder of social-trading platform Currensee, which...
There are over 120 breakout sessions in all, with Keynotes, General Sessions, and Power Panels adding to three days of incredibly rich presentations and content. Join @ThingsExpo conference chair Roger Strukhoff (@IoT2040), June 7-9, 2016 in New York City, for three days of intense 'Internet of Things' discussion and focus, including Big Data's indespensable role in IoT, Smart Grids and Industrial Internet of Things, Wearables and Consumer IoT, as well as (new) IoT's use in Vertical Markets.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...