Welcome!

News Feed Item

Xtraordinary Urges Small Businesses to Ensure PCI DSS Compliance This Christmas

EDINBURGH, Scotland, December 6, 2012 /PRNewswire/ --

With online shopping expected to top £5bn this Christmas, UK-based cloud hosting provider Xtraordinary is reminding British small businesses to review how they are processing, storing or transferring customer card data.

1st December 2012 was the deadline set by Streamline, the UK and Europe's largest card processor, for small and micro businesses to ensure they are Payment Card Industry Standard (PCI DSS) compliant.

PCI DSS is a set of mandatory card security protocols, created by a coalition of the major credit card companies, including Visa, MasterCard and Amex. Whilst compliance is not a legal obligation, online traders wishing to handle credit or debit card details are required to achieve PCI DSS compliance as part of their merchant agreement with card vendors and processors.

Andrew Ogilvie, Managing Director of Xtraordinary Hosting, says: "Non-compliance may be met with fines, losses arising from fraud or negligence and ultimately a termination of the merchant agreement and the loss of customer confidence. There is also an increased risk from cybercrime attacks, which fundamentally PCI DSS compliance is designed to prevent. According to Verizon's 2012 Data Breach Investigations Report, 95% of breaches happen to retailers with less than 100 employees."

Retailers may have got used to handling and storing card data for a variety of purposes. Providing a simple "one-click" transaction process for returning customers means faster, easier sales and encourages repeat business. Card details may be held in case of refunds or chargebacks or at a simple level, many companies use card details as a means of identifying and verifying their customers (according to Ponemon Institute's 2011 PCI DSS Compliance Trends Study). Merchants may also be tempted to keep card details for marketing purposes, in order to track previous purchases and prepare targeted promotions.

PCI Compliance prohibits companies from recording and storing the Card Verification Value (CVV2), three-digit number, on the reverse of cards.  If there is a security breach and retailers are found to be holding this data they leave themselves open to claims from card companies.

Andrew Ogilvie explains, "By doing any or all of these things many merchants, particularly small, medium and micro businesses, may not realise they are in breach of PCI Compliance."

Companies must sign up to regular vulnerability checks of their online security by an approved third-party vendor. However, there are another 200 additional sub-requirements to meet in order to pass compliance.

All of these conditions may require considerable investment in time and money by merchants.

Andrew Ogilvie says: "Retailers should ask themselves what sort of data they need to process and what, if any, they need to retain. If there is no legitimate reason to store card data then avoid it. It is worth ring-fencing systems that process transactions, which means not every part of a retailer's IT setup has to be compliant as it won't come into contact with card data. Retailers should also review which personnel come into contact with card and transaction data within their organisations. It should always be on an 'only if essential' basis, and all access to the data recorded.

"Perhaps the best advice of all for small retailers is not to have anything to do with processing card transactions at all. A third party payment gateway like Sagepay, Datacash, Worldpay or Barclay's ePDQ can deal with transactions. This may add to the expense of doing business online, but it also gives greater peace of mind. Retailers can concentrate on selling products on their website, and spend less time worrying about managing data."

While PCI Compliance may create a headache for many small firms, it is all about keeping customer data secure and minimising criminal threats to their business. However, PCI DSS compliance is not a cure-all and companies must remain vigilant against ever-changing cyber threats to their business.

Andrew Ogilvie adds: "It is very important when choosing a hosting provider that they fully understand PCI compliance, and can provide advice on security, system design, encryption, firewalling, patching, scanning and logging which are all required to stay compliant."

Notes to Editors

Xtraordinary Hosting http://www.xtrahost.co.uk

Successful dotcom entrepreneur Andrew Ogilvie founded Xtraordinary Hosting in 2001. It is a cloud hosting company, operating out of data centres in London and Edinburgh, which employs highly qualified, on-site technical teams, providing 24/7 support on critical issues.

The company offers a wide-ranging of IT services including secure Private and Public Cloud Hosting, Dedicated Servers, Managed Servers, Complex Managed Hosting and Application Hosting, which includes Magento eCommerce and Atlassian.

Xtraordinary operates in the City of London from the Interxion data centre, which it shares with over 200 financial services institutions, more than 15 liquidity venues and the major market data vendors.

For further information please contact Fin Robertson at Xtraordinary Hosting on +44(0)870-743-7408 or email [email protected]

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
As popularity of the smart home is growing and continues to go mainstream, technological factors play a greater role. The IoT protocol houses the interoperability battery consumption, security, and configuration of a smart home device, and it can be difficult for companies to choose the right kind for their product. For both DIY and professionally installed smart homes, developers need to consider each of these elements for their product to be successful in the market and current smart homes.
The session is centered around the tracing of systems on cloud using technologies like ebpf. The goal is to talk about what this technology is all about and what purpose it serves. In his session at 21st Cloud Expo, Shashank Jain, Development Architect at SAP, will touch upon concepts of observability in the cloud and also some of the challenges we have. Generally most cloud-based monitoring tools capture details at a very granular level. To troubleshoot problems this might not be good enough.
In the fast-paced advances and popularity in cloud technology, one of the most critical factors revolves around concerns for security of your critical data. How to assure both your company and your customers they can confidently trust and utilize your cloud environment is most often top on the list. There is a method to evaluating and providing security that exceeds conventional modes of protecting data both within the cloud as well externally on mobile and other devices. With the public failure...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
Transforming cloud-based data into a reportable format can be a very expensive, time-intensive and complex operation. As a SaaS platform with more than 30 million global users, Cornerstone OnDemand’s challenge was to create a scalable solution that would improve the time it took customers to access their user data. Our Real-Time Data Warehouse (RTDW) process vastly reduced data time-to-availability from 24 hours to just 10 minutes. In his session at 21st Cloud Expo, Mark Goldin, Chief Technolo...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, will go over the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, applicatio...
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, will discuss how from store operations...