Welcome!

News Feed Item

Xtraordinary Urges Small Businesses to Ensure PCI DSS Compliance This Christmas

EDINBURGH, Scotland, December 6, 2012 /PRNewswire/ --

With online shopping expected to top £5bn this Christmas, UK-based cloud hosting provider Xtraordinary is reminding British small businesses to review how they are processing, storing or transferring customer card data.

1st December 2012 was the deadline set by Streamline, the UK and Europe's largest card processor, for small and micro businesses to ensure they are Payment Card Industry Standard (PCI DSS) compliant.

PCI DSS is a set of mandatory card security protocols, created by a coalition of the major credit card companies, including Visa, MasterCard and Amex. Whilst compliance is not a legal obligation, online traders wishing to handle credit or debit card details are required to achieve PCI DSS compliance as part of their merchant agreement with card vendors and processors.

Andrew Ogilvie, Managing Director of Xtraordinary Hosting, says: "Non-compliance may be met with fines, losses arising from fraud or negligence and ultimately a termination of the merchant agreement and the loss of customer confidence. There is also an increased risk from cybercrime attacks, which fundamentally PCI DSS compliance is designed to prevent. According to Verizon's 2012 Data Breach Investigations Report, 95% of breaches happen to retailers with less than 100 employees."

Retailers may have got used to handling and storing card data for a variety of purposes. Providing a simple "one-click" transaction process for returning customers means faster, easier sales and encourages repeat business. Card details may be held in case of refunds or chargebacks or at a simple level, many companies use card details as a means of identifying and verifying their customers (according to Ponemon Institute's 2011 PCI DSS Compliance Trends Study). Merchants may also be tempted to keep card details for marketing purposes, in order to track previous purchases and prepare targeted promotions.

PCI Compliance prohibits companies from recording and storing the Card Verification Value (CVV2), three-digit number, on the reverse of cards.  If there is a security breach and retailers are found to be holding this data they leave themselves open to claims from card companies.

Andrew Ogilvie explains, "By doing any or all of these things many merchants, particularly small, medium and micro businesses, may not realise they are in breach of PCI Compliance."

Companies must sign up to regular vulnerability checks of their online security by an approved third-party vendor. However, there are another 200 additional sub-requirements to meet in order to pass compliance.

All of these conditions may require considerable investment in time and money by merchants.

Andrew Ogilvie says: "Retailers should ask themselves what sort of data they need to process and what, if any, they need to retain. If there is no legitimate reason to store card data then avoid it. It is worth ring-fencing systems that process transactions, which means not every part of a retailer's IT setup has to be compliant as it won't come into contact with card data. Retailers should also review which personnel come into contact with card and transaction data within their organisations. It should always be on an 'only if essential' basis, and all access to the data recorded.

"Perhaps the best advice of all for small retailers is not to have anything to do with processing card transactions at all. A third party payment gateway like Sagepay, Datacash, Worldpay or Barclay's ePDQ can deal with transactions. This may add to the expense of doing business online, but it also gives greater peace of mind. Retailers can concentrate on selling products on their website, and spend less time worrying about managing data."

While PCI Compliance may create a headache for many small firms, it is all about keeping customer data secure and minimising criminal threats to their business. However, PCI DSS compliance is not a cure-all and companies must remain vigilant against ever-changing cyber threats to their business.

Andrew Ogilvie adds: "It is very important when choosing a hosting provider that they fully understand PCI compliance, and can provide advice on security, system design, encryption, firewalling, patching, scanning and logging which are all required to stay compliant."

Notes to Editors

Xtraordinary Hosting http://www.xtrahost.co.uk

Successful dotcom entrepreneur Andrew Ogilvie founded Xtraordinary Hosting in 2001. It is a cloud hosting company, operating out of data centres in London and Edinburgh, which employs highly qualified, on-site technical teams, providing 24/7 support on critical issues.

The company offers a wide-ranging of IT services including secure Private and Public Cloud Hosting, Dedicated Servers, Managed Servers, Complex Managed Hosting and Application Hosting, which includes Magento eCommerce and Atlassian.

Xtraordinary operates in the City of London from the Interxion data centre, which it shares with over 200 financial services institutions, more than 15 liquidity venues and the major market data vendors.

For further information please contact Fin Robertson at Xtraordinary Hosting on +44(0)870-743-7408 or email [email protected]

SOURCE Xtraordinary Hosting

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Kubernetes, Docker and containers are changing the world, and how companies are deploying their software and running their infrastructure. With the shift in how applications are built and deployed, new challenges must be solved. In his session at @DevOpsSummit at19th Cloud Expo, Sebastian Scheele, co-founder of Loodse, will discuss the implications of containerized applications/infrastructures and their impact on the enterprise. In a real world example based on Kubernetes, he will show how to ...
Is the ongoing quest for agility in the data center forcing you to evaluate how to be a part of infrastructure automation efforts? As organizations evolve toward bimodal IT operations, they are embracing new service delivery models and leveraging virtualization to increase infrastructure agility. Therefore, the network must evolve in parallel to become equally agile. Read this essential piece of Gartner research for recommendations on achieving greater agility.
SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...
Pulzze Systems was happy to participate in such a premier event and thankful to be receiving the winning investment and global network support from G-Startup Worldwide. It is an exciting time for Pulzze to showcase the effectiveness of innovative technologies and enable them to make the world smarter and better. The reputable contest is held to identify promising startups around the globe that are assured to change the world through their innovative products and disruptive technologies. There w...
SYS-CON Events announced today Telecom Reseller has been named “Media Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
To paraphrase someone famous, "The definition of insanity is to do something the same way over and over again and expect a different result". Humans are creatures of habit and when it comes to storage, old habits die hard. Why do we continue to put our faith in legacy storage providers when they haven't invented anything new in decades. Sure, they re-badge their products every couple of years to make their messaging look modern, but ultimately, it's the same old stuff with a new coat of lipsti...
StarNet Communications Corp has announced the addition of three Secure Remote Desktop modules to its flagship X-Win32 PC X server. The new modules enable X-Win32 to safely tunnel the remote desktops from Linux and Unix servers to the user’s PC over encrypted SSH. Traditionally, users of PC X servers deploy the XDMCP protocol to display remote desktop environments such as the Gnome and KDE desktops on Linux servers and the CDE environment on Solaris Unix machines. XDMCP is used primarily on comp...
Smart Cities are here to stay, but for their promise to be delivered, the data they produce must not be put in new siloes. In his session at @ThingsExpo, Mathias Herberts, Co-founder and CTO of Cityzen Data, will deep dive into best practices that will ensure a successful smart city journey.
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
SYS-CON Events announced today that StarNet Communications will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. StarNet Communications’ FastX is the industry first cloud-based remote X Windows emulator. Using standard Web browsers (FireFox, Chrome, Safari, etc.) users from around the world gain highly secure access to applications and data hosted on Linux-based servers in a central data center. ...
Aspose.Total for .NET is the most complete package of all file format APIs for .NET as offered by Aspose. It empowers developers to create, edit, render, print and convert between a wide range of popular document formats within any .NET, C#, ASP.NET and VB.NET applications. Aspose compiles all .NET APIs on a daily basis to ensure that it contains the most up to date versions of each of Aspose .NET APIs. If a new .NET API or a new version of existing APIs is released during the subscription peri...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
To leverage Continuous Delivery, enterprises must consider impacts that span functional silos, as well as applications that touch older, slower moving components. Managing the many dependencies can cause slowdowns. See how to achieve continuous delivery in the enterprise.
SYS-CON Events announced today that eCube Systems, a leading provider of middleware modernization, integration, and management solutions, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. eCube Systems offers a family of middleware evolution products and services that maximize return on technology investment by leveraging existing technical equity to meet evolving business needs. ...