
Contrasting opinions have been given on whether a level of preparedness should be part of PCI DSS compliance

Following the 'Black Friday' and 'Cyber Monday' shopping weekend, questions have been asked about whether a level of 'preparedness' should be part of PCI DSS compliance for ecommerce sites.

In an SC Magazine debate, opinions differed on whether sites should be better prepared, without having to recruit extra staff, as part of the regulatory rulings.

One commenter said that the answer 'is obviously yes' as 'why [would] anyone risk their site being off line at the busiest shopping time of the year'.

In agreement was Amichai Shulman, CTO of Imperva, who pointed at the YouGov/VeriSign survey. He said: “Judging by data from the survey it is apparent that ecommerce sites who could demonstrate their commitment can increase their traction and sales, not only by appealing to existing online shoppers but to an entire population that is currently refraining from doing online shopping.”

However, Dave Whitelegg, information security manager at Capita, said: “No, simply put the PCI DSS is about protecting cardholder data, and is not about payment processing availability, nor should it or will it ever be about anything else.

“As long as backup systems/data recovery environments are operated in full compliance with the PCI standard, that is all that is important as far as the standard is concerned, the ability to take a transaction or not has no relevance to the purpose of the PCI standard.”

Commenting, Simon Black, managing director of Sage Pay, said that he saw this as a possibility rather than as mandatory.

Black said: “This is absolutely not a PCI thing but good business management, we are seeing traffic growth every year and in ecommerce you need to be planning ahead and plan for significant growth.”

He further claimed that ecommerce sites should take their lead from high street retail stores, which factor in peak times and are designed to handle the number of customers seen on a weekend in December rather than on a weekday in February.

“If it is done badly it could lose business and indirectly create a security issue”, said Black.
