Contrasting opinions have been given on whether a level of preparedness should be part of PCI DSS compliance

Following the ‘Black Friday’ and ‘Cyber Monday’ shopping weekend, questions have been asked about whether a level of ‘preparedness’ should be part of PCI DSS compliance for ecommerce sites.

In an SC Magazine debate, opinions contrasted on whether sites should be better prepared without having to recruit extra staff and as part of the regulatory rulings.

One commenter said that the answer ‘is obviously yes’ as ‘why [would] anyone risk their site being off line at the busiest shopping time of the year’.

In agreement was Amichai Shulman, CTO of Imperva, who pointed at the YouGov/VeriSign survey. He said: “Judging by data from the survey it is apparent that ecommerce sites who could demonstrate their commitment can increase their traction and sales, not only by appealing to existing online shoppers but to an entire population that is currently refraining from doing online shopping.”

However, Dave Whitelegg, information security manager at Capita, said: “No, simply put the PCI DSS is about protecting cardholder data, and is not about payment processing availability, nor should it or will it ever be about anything else.

“As long as backup systems/data recovery environments are operated in full compliance with the PCI standard, that is all that is important as far as the standard is concerned, the ability to take a transaction or not has no relevance to the purpose of the PCI standard.”

Commenting, Simon Black, managing director of Sage Pay, said that he saw this as a possibility rather than as mandatory.

Black said: “This is absolutely not a PCI thing but good business management, we are seeing traffic growth every year and in ecommerce you need to be planning ahead and plan for significant growth.”

He further claimed that leads should be taken from high street retail stores, which factor in peak times and are designed to handle the number of customers seen on a weekend in December rather than on a weekday in February.

“If it is done badly it could lose business and indirectly create a security issue”, said Black.
