August 05, 2008

Solutions Daily

June 30, 2008 was the deadline for businesses all over the world that process credit card transactions to protect their web applications from hackers and ID thieves. Merchants that fail to meet the Payment Card Industry Data Security Standard (PCI DSS) may face heavy fines of up to $500,000 levied by credit card companies.

“These web application security regulations that used to be best practices are now mandatory, and it’s going to catch a lot of businesses off-guard,” says Pacific Coast Information Systems Ltd. (PCIS) President Vaclav Vincalek, citing a recent NetIQ survey that showed just 23 per cent of surveyed businesses were PCI DSS compliant. “Businesses that fail to deploy web security auditing services like the innovative Boonbox tool, Devfense, and invest in web application firewalls from recognized experts simply aren’t security compliant.”

“The credit card companies have an incentive to be pretty heavy-handed in enforcing these rules. They know that if the majority of customers no longer feel safe in using credit cards because of lax security measures on the part of merchants, the business model of using credit cards for all kinds of purchases is put at risk. Meanwhile, customers have been suffering ID theft from poor corporate security for years – and they’ve had enough.”

The number of PCI DSS compliant businesses may be even lower than the number indicated in the NetIQ survey, Vincalek notes. “The Privacy Commissioner of Canada Jennifer Stoddart noted recently that most companies lack even basic privacy and security measures – so the situation may be even worse than anybody realizes.”

Up to 75 per cent of hacker attacks target the web application layer, according to Gartner analysts. But typical IT security measures like network firewalls and virus scanning software are not effective against cross-site scripting and SQL injection attacks on websites and web applications, Vincalek notes.

“Companies that want to avoid fines and be confident about avoiding a security breach costing millions of dollars in legal bills and crisis management need to get PCI DSS compliant.”

Devfense is a web security audit tool from PCIS' Boonbox product line. Devfense scans web applications to help businesses ensure full compliance with a wide range of web security regulations, including PCI DSS. "The tools are already available for businesses that want to be secure," Vaclav says. "Businesses that use a web audit tool like Devfense may also take advantage of web security consulting to ensure vulnerabilities are closed to address the risk factor."

Pacific Coast Information Systems (PCIS) Ltd. is a full-service technology and consulting firm based in Vancouver. Founded in 1995, PCIS provides technical assessment & services, business analysis, and IT project management.

Boonbox, a division of PCIS, was created in 2007. Boonbox specializes in productivity solutions that deliver immediate results in support of business challenges like security compliance, password protection and data backup issues. Reprinted with permission.