
Contrasting opinions have been given on whether a level of preparedness should be part of PCI DSS compliance


Following the 'Black Friday' and 'Cyber Monday' shopping weekend, questions have been asked about whether a level of 'preparedness' should be part of PCI DSS compliance for ecommerce sites.

In an SC Magazine debate, opinions contrasted on whether sites should be better prepared without having to recruit extra staff and as part of the regulatory rulings.

One commenter said that the answer 'is obviously yes' as 'why [would] anyone risk their site being off line at the busiest shopping time of the year'.

In agreement was Amichai Shulman, CTO of Imperva, who pointed at the YouGov/VeriSign survey. He said: “Judging by data from the survey it is apparent that ecommerce sites who could demonstrate their commitment can increase their traction and sales, not only by appealing to existing online shoppers but to an entire population that is currently refraining from doing online shopping.”

However, Dave Whitelegg, information security manager at Capita, said: “No, simply put the PCI DSS is about protecting cardholder data, and is not about payment processing availability, nor should it or will it ever be about anything else.

“As long as backup systems/data recovery environments are operated in full compliance with the PCI standard, that is all that is important as far as the standard is concerned, the ability to take a transaction or not has no relevance to the purpose of the PCI standard.”

Commenting, Simon Black, managing director of Sage Pay, said that he saw this as a possibility rather than as mandatory.

Black said: “This is absolutely not a PCI thing but good business management, we are seeing traffic growth every year and in ecommerce you need to be planning ahead and plan for significant growth.”

He further claimed that leads should be taken from high street retail stores, which, by factoring in peak times, are designed to handle the number of customers seen on a weekend in December rather than on a weekday in February.

“If it is done badly it could lose business and indirectly create a security issue”, said Black.
