PCI DSS card payment security explained

GFI Software, the content and network security specialist, has published a useful white paper on the Payment Card Industry Data Security Standards (PCI DSS) - which are due to become mandatory for e-tail Web sites from September onwards.

So what is PCI DSS? It's actually a set of security standards that the card processing companies will require any firms handling card payments on their sites to implement by the end of September.

Requirements range from a mandate to build and maintain a secure IT network and firewall protection, to the implementation of vulnerability and access control procedures.

Despite what Visa and MasterCard have said in the past, the requirements are quite draconian.

This means that, if you're a small e-tail company, it's a dead cert you'll either have to invest in auditable IT security technology or - more likely - contract out your online card processing to a third party such as Worldpay.

Anyway, I digress - check out the GFI white paper here. Like most marketing papers, it quietly promotes the vendor's products, in this case LANGuard, but it's a good read...