The PCI Security Standards Council has released an update of its 2013 guidance on e-commerce that offers practical advice to merchants on understanding and maintaining a secure e-payment platform. Best Practices for Securing E-commerce is the result of a comprehensive study on payment security challenges by a Special Interest Group that included merchants, financial organizations, and service providers.
As online sales have increased significantly, the Council emphasizes the importance of encryption. In 2015, the Council said that those who accept payment cards must employ TLS 1.1 encryption or higher by next year June. Google, meantime, has said that use of HTTPS is necessary and now Chrome browser users are warning users when they visit a non-HTTPS website.
Said Troy Leach of the PCI Security Standards Council: "This information supplement is a testament to their (community members) collaboration and willingness to share their experience with others and provides easy to understand examples of e-commerce scenarios along with best practices to secure cardholder data and meet PCI DSS requirements."
Click here for supplement.