Posts tagged: Security Standards Council

It Is Cheaper To Be PCI Compliant Than To Not Be PCI Compliant

Monday, January 18th, 2010

According to a study conducted by Solidcore Systems, Emagined Security, and Fortrex, the cost of not being PCI Compliant could exceed the cost of PCI Compliance by as much as 20 times!

In James Barrow’s book on achieving PCI Compliance, he states that the research study showed that “not becoming compliant with the standard (Data Security Standard – or DSS) could lead to additional costs posed by a data breach.”

For one, the SSC (Security Standards Council) can elevate your business to Level 1 status following a breach or compromise. That means you'll have to do everything a Level 1 merchant has to do, despite the lower volume of transactions you process. The biggest expense here is the previously unnecessary need to hire a Qualified Security Assessor, or to pay someone inside your organization to conduct an internal audit, which must then be signed off by an officer of the company.

Also, Barrow continues, “a breach may require further expenditures related to customer notifications and providing credit monitoring services.  Finally, there are the expenses that may result from litigation, as well as the unknown variable of the cost to the company in loss of customer confidence.”

So, you decide: you can scan your site daily for vulnerabilities that hackers could exploit and increase customer confidence by displaying Trust Guard seals, or you can leave your site open to hackers and outside attacks and potentially face the swollen and costly revised requirements of the Payment Card Industry.

To put it in monetary terms, you can pay Trust Guard $497 a year for daily vulnerability scanning and PCI Compliant Reports, or pay almost $10,000 a year to repair the damage. Included in the yearly price of $497 (or $47 a month) is a Security Scanned trust seal to display on your website that is GUARANTEED to grow your business significantly.

With that knowledge, getting a daily PCI Compliant Vulnerability Scan and the industry-exclusive Video Security Seal from Trust Guard, to show online consumers that your site is safe and that you are a legitimate company that will protect their privacy, is one of the best returns on investment out there!  Visit www.Go.Trust-Guard.com today!

[Image: Video Seal]

PCI Compliance – The Difference Between Vulnerability Scanning and Penetration Tests

Monday, December 28th, 2009

I have found that several website owners and hosting companies are either misinformed or a little confused about the differences between a vulnerability scan and a penetration test.

There is, nonetheless, a major difference between the two. To quote from the book Achieving PCI Compliance, page 245:

“A vulnerability scan is a simple test that looks for and reports on any vulnerabilities found within your network infrastructure. That is the extent of a vulnerability scan: Identification and reporting. [The PCI Compliant Security Scan reports describe any vulnerabilities a website might have, and also delineates the solution]

A penetration test is often times conducted after the vulnerability scan. A penetration test attempts to exploit one or more of the vulnerabilities identified during the vulnerability scan. A penetration test attempts to verify if an identified vulnerability is actually susceptible to being exploited.”

Vulnerability scanning must be run against the internal and external networks at least quarterly, and again after any significant change in the network, such as installations, changes in network topology, firewall rule modifications, product upgrades, etc. If you run the vulnerability scan and there are no security issues, a penetration test is not necessary.
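The scan-cadence rule above (at least quarterly, and again after any significant network change) is easy to get wrong when changes and scan dates are tracked by hand. The following is an added example, not code from the original post or from Trust Guard: a small check that, given the date of the last scan and a list of change events, reports whether a new scan is due and why. Treating "quarterly" as a 90-day maximum interval, the change-kind labels, and the sample history are all assumptions made for this example.

```python
"""Added example: a scan-cadence check for the rule described above.

It encodes the post's rule that PCI vulnerability scans run at least
quarterly and again after any significant network change.  Treating
"quarterly" as a 90-day maximum interval and the change-kind labels
below are assumptions made for this example, not text from the post.
"""
from dataclasses import dataclass
from datetime import date, timedelta

QUARTER = timedelta(days=90)  # assumption: "quarterly" == no more than 90 days apart

# Change kinds the post lists as significant (assumed labels for this example).
SIGNIFICANT_CHANGE_KINDS = {"install", "topology", "firewall_rule", "upgrade"}


@dataclass(frozen=True)
class ChangeEvent:
    when: date
    kind: str  # significant kinds trigger a rescan; anything else is ignored
    note: str = ""


def day(text: str) -> date:
    """Parse an ISO date string (helper so callers need no datetime import)."""
    return date.fromisoformat(text)


def scan_required(last_scan: date, today: date, changes):
    """Decide whether a new scan is needed.

    Returns (required, reason, deadline):
      required -- True when a scan must be run now
      reason   -- "significant_change", "quarterly" or "none"
      deadline -- date the next scan is (or was) due
    """
    # Rule 1: any significant change after the last scan triggers a rescan,
    # dated from the earliest such change.  Changes before the last scan
    # were already covered by it and are ignored.
    triggers = sorted(
        (c for c in changes if c.kind in SIGNIFICANT_CHANGE_KINDS and c.when > last_scan),
        key=lambda c: c.when,
    )
    if triggers:
        return True, "significant_change", triggers[0].when

    # Rule 2: otherwise the quarterly clock applies.
    deadline = last_scan + QUARTER
    if today >= deadline:
        return True, "quarterly", deadline
    return False, "none", deadline


# Constructed sample history (not real data).
SAMPLE_CHANGES = [
    ChangeEvent(day("2009-09-20"), "upgrade", "before last scan; already covered"),
    ChangeEvent(day("2009-11-02"), "content", "copy edit; not significant"),
    ChangeEvent(day("2009-11-20"), "firewall_rule", "opened port for new app"),
]


def demo():
    """Run the check over the constructed history at three points in time."""
    last = day("2009-10-01")
    # Mid-quarter, before the firewall change: nothing due yet.
    early = scan_required(last, day("2009-11-10"), SAMPLE_CHANGES[:2])
    # After the firewall rule change: rescan due, dated from the change.
    after_change = scan_required(last, day("2009-11-25"), SAMPLE_CHANGES)
    # No changes at all, but 90 days elapsed: quarterly scan due.
    quarterly = scan_required(last, day("2009-12-30"), [])
    return early, after_change, quarterly


if __name__ == "__main__":
    for label, (required, reason, deadline) in zip(
        ("early", "after_change", "quarterly"), demo()
    ):
        print(f"{label:13s} required={required!s:5s} reason={reason:19s} due={deadline}")
```

The check is deliberately conservative: a significant change always wins over the quarterly clock, and a change that predates the last scan is ignored because that scan already covered it. Swap `QUARTER` for whatever interval your assessor actually requires.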

Trust Guard, the leader in website security, uses a PCI compliant Approved Scanning Vendor (ASV) and offers vulnerability scanning on both a quarterly and a daily basis. They also provide the PCI compliant scan reports and security verification seals that show online visitors the website has been scanned. When online consumers see that our sites are safe from hackers, they feel confident and our conversion rates increase, sometimes significantly.

If you have any questions about Trust Guard’s Security scans and/or trust seals, please call toll free 877-848-2731 – Ask for Aaron.

What It Means To Be PCI Compliant

Tuesday, November 24th, 2009

I was asked the other day if getting a PCI Compliant Website Security Scan from Trust Guard was all I needed to do to achieve PCI Compliance. The answer is no – heck no!  There are several aspects of PCI Compliance that the Security Standards Council has created through their Data Security Standard.  Vulnerability scanning from Trust Guard is just one area of compliance as outlined by the payment card industry.  To see other areas of need, you can look at this chart, or this page on passwords, or here for a PCI Compliance Table.  You can also read the book: Achieving PCI Compliance: A Guide For Understanding And Complying With Data Security Standard For Merchant Levels 2, 3, and 4.

We All Need To Be PCI Compliant

Wednesday, September 23rd, 2009

Well Howdy!

My name is Harold, but you can call me Harold the Hacked.  Why not, everyone else does!  You have probably heard how my site got hacked into.  And that now I listen to everything The PCI Compliance Guy tells me to do!  What a pain in the you-know-where it was to have to direct my traffic back to my original site after a hacker had redirected it to Mongolia of all places!

The PCI Compliance Guy told me to get Trust Guard’s Security Scanned Seals to check for over 30,000 vulnerabilities that hackers could use to get into my system. I did it!

Not only do I feel safe now, but my clients feel safe too!  Trust Guard’s trust seals let online consumers know that a third party has verified my site and found everything in order.  Because my visitors feel safe, more of them are using my services!  I’ve got a clean site and a thriving business – all thanks to Trust Guard and The PCI Compliance Guy!

Read: Achieving PCI Compliance

Friday, September 11th, 2009

My friend at work is letting me borrow his book Achieving PCI Compliance: A guide for understanding and complying with data security standard for merchant levels 2, 3, and 4 by James M. Barrow. Sure, it's essential that websites get scanned at least quarterly and after changes are made, but there is so much more to being compliant. If you get the chance, get this book!

What Visa says about PCI Compliance

Thursday, September 3rd, 2009

I found this great article from Visa about the PCI Compliance Acceleration Program. According to the article, the validation for merchant compliance is prioritized based on the volume of transactions, the potential risks, and the exposure introduced into the payment system.

Visa – PCI Compliance Acceleration Program