What if your PCI Compliance authorized scanning vendor wants you to only allow RC4-SHA as an SSL CipherSuite in order to pass PCI Compliance against the SSL BEAST Attack? Here are the tested settings.
I recently had the wonderful opportunity to read a well-written book by Melinda F. Emerson, Become Your Own Boss In 12 Months.
Melinda, who hosts the Small Business Chat on Twitter every Wednesday night from 8 PM to 9 PM Eastern Time, focuses on helping people become entrepreneurs and helping the small businesses they create to grow and succeed.
A lot of what Melinda shares involves proper planning and preparation.
Whether you have been in business for many years, or are just starting up… did you know that if you properly plan and prepare for your ecommerce store you greatly increase your opportunity to succeed?
Just as more government regulations tend to strangle a small business to death (worst case) or slow its growth (best case), so it goes for PCI Compliance standards, which add little to no practical value to security.
What are the services you need from Dynamic Net, Inc. once you’ve made the decision you want to have a fully integrated (i.e. the customer never leaves your web site) PCI Compliant hosting experience?
Maybe you’ve been one of our customers for years, and need to be PCI compliant for your eCommerce offerings. Maybe you’ve read Revealing the process of becoming PCI Compliant, and decided you want care from a provider with high integrity as well as great security. Either way, you want to know the minimum requirements you need from us in order to get off the ground and become PCI Compliant.
If you want to accept credit cards online, then you need to be PCI Compliant, whether your business is brand new or has been established for centuries.
Over the years, we’ve helped various business owners and managers to become PCI Compliant.
To those who have not gone through the PCI Compliance process, the road to having their first PCI Compliance certificate can look long, hard, and daunting.
This article is meant to take away the sting, especially for first time business owners and managers, by revealing the process of becoming PCI Compliant.
Even though we strongly believe security should be an entitlement for hosting customers, we strongly believe that security starts at home.
A hosting provider can have the most secure environment in the world, but if the customer uses weak passwords and outdated applications, then that’s like waving a sign stating “thieves and vandals welcome.”
According to a Gartner Survey done in August 2006, approximately $2 billion in ecommerce sales were lost because of security concerns among online shoppers. Providing a secure online environment builds customer trust in your website and can translate into increased sales and other conversion activity. Website security is a must for online transactions.
I think one of the lessons we all learn growing up is that being a snitch — tattling, whistle blowing, etc. — is a bad thing; and that only in the face of death (even if that counts for anything) should you even consider being a snitch.
Sometimes I think that attitude is so pervasive in our society, at large, that most of us impacted by hackers do not even consider snitching on the hacker who tried to break into our web site, email, database, or server. Even if it did cross one’s mind, some might have the attitude of what good will it do especially given the global nature of the Internet — who has jurisdiction, language barriers, culture barriers, and what else might be present.
How does one even know if their web site or server is subject to being attacked?
Does your hosting provider believe you are entitled to peace of mind? Does your hosting provider believe you have the right to be secure in your own (hosting) home? If yes, what are their actions? Let me share with you, our point of view.
What can be done to go above and beyond PCI compliance? What can be done to proactively know if a shared hosting customer has malware or hacks on their site?
Would it make sense for someone to tell you a building was being kept secure from trespassers; yet, as you watched, over time, you didn’t see anyone on foot patrolling the area (inside or out), did not see anyone watching monitors (were there even cameras monitoring areas?), and there were no recordings from the monitors being kept for any period of time? How would you feel about the security of the building? Could the security team learn from break-in attempts? Would the security team even know if there was a break-in?
Are you involved in the PCI Compliance dance? Do you know your partners? Do you need a PCI Compliant hosting provider who takes the dance seriously? Who will hold your hand, and walk you through any difficult or tedious step?