
Contrasting opinions have been given on whether a level of preparedness should be part of PCI DSS compliance


Following the shopping weekend that caused ‘Black Friday’ and ‘Cyber Monday’, questions have been asked whether a level of ‘preparedness’ should be part of PCI DSS compliance for ecommerce sites.

In an SC Magazine debate, opinions contrasted on whether sites should be better prepared without having to recruit extra staff and as part of the regulatory rulings.

One commenter said that the answer ‘is obviously yes’ as ‘why [would] anyone risk their site being off line at the busiest shopping time of the year’.

In agreement was Amichai Shulman, CTO of Imperva, who pointed at the YouGov/VeriSign survey. He said: “Judging by data from the survey it is apparent that ecommerce sites who could demonstrate their commitment can increase their traction and sales, not only by appealing to existing online shoppers but to an entire population that is currently refraining from doing online shopping.”

However Dave Whitelegg, information security manager at Capita, said: “No, simply put the PCI DSS is about protecting cardholder data, and is not about payment processing availability, nor should it or will it ever be about anything else.

“As long as backup systems/data recovery environments are operated in full compliance with the PCI standard, that is all that is important as far as the standard is concerned, the ability to take a transaction or not has no relevance to the purpose of the PCI standard.”

Commenting, Simon Black, managing director of Sage Pay, said that he saw this as a possibility rather than as mandatory.

Black said: “This is absolutely not a PCI thing but good business management, we are seeing traffic growth every year and in ecommerce you need to be planning ahead and plan for significant growth.”

He further claimed that a lead should be taken from high street retail stores, which factor in peak times and are designed to handle the customer numbers of a weekend in December rather than those of a weekday in February.

“If it is done badly it could lose business and indirectly create a security issue”, said Black.
