Monday, April 25, 2005

Security Update: PCI and CISP

The following is a copy of an email sent by our CTO, Jen Heil, to all clients concerning security updates and other exciting changes at MonsterCommerce.
"Dear MC Storefront Owner,
I would like to thank you all for your warm responses to our first security update email. Many of you took the suggestions seriously and have already improved the security of your online store. This email is the second email aimed at informing you about how you can ensure the complete security of your storefront. In this letter, I will cover the details of PCI standards, CISP compliance and what this means to you.

The credit card industry has joined together to help fight credit card theft and fraud. In response to the growing occurrence of these illegal practices, the PCI (Payment Card Industry) data security standard was created. This was developed to establish a 'minimum security standard' with regard to the protection of cardholders' credit card account and transaction information. MonsterCommerce will be releasing a software upgrade that brings our software to the PCI security standard in early May. Our next security update will contain complete information regarding this upgrade.

Although the four major credit card brands are all concerned with security, Visa has taken the lead in this effort and has developed a program entitled CISP. This stands for Cardholder Information Security Program. This program is built around the PCI standard but additionally requires businesses to certify and file proof that their company is compliant with this standard. The depth of the certification process and the required documents to prove compliance vary based on the number of transactions processed by a business within a calendar year. To learn more about the merchant levels, visit Visa's CISP site.

Regardless of your level, all merchants who collect, process or store credit card information are required by Visa and MasterCard to meet the new PCI security standard by June 30, 2005. At a minimum, Visa recommends that you submit a ROC (Report on Compliance) and undergo a vulnerability scan. Whether required to submit or not, it is a good idea to do so as it shows Visa and your customers your commitment to the security of credit card data.

Through an alliance with ScanAlert, the world's leading web site security certification service, MonsterCommerce has become the first full-service ecommerce platform provider to provide easy one-click compliance at no additional cost. This new program will allow you to undergo the required vulnerability scan and complete the ROC in a few easy clicks. In the next few days, you will receive a welcome email from ScanAlert containing a login link. Once logged in, you will be able to answer a preliminary set of five questions to help ScanAlert understand your business. After these five questions are answered, you will be asked any necessary follow-up questions and then will be prompted to print a PDF document that is a fully completed ROC in the proper format. All you have to do is print this document and send it to your merchant service provider.

In the coming weeks, you can expect to receive letters from your merchant service providers informing you of these requirements. With MonsterCommerce and ScanAlert, you will be well ahead of the curve as the MonsterCommerce platform will be certified against the standard by mid-May and you will be able to complete your ROC beginning in just a few days.

The next step in gaining your compliance is to look for the welcome email that will be sent to you directly from ScanAlert within a few days. Simply click on the link in the welcome email and you will be just minutes away from achieving your compliance.


Sincerely,
Jen Heil
CTO, MonsterCommerce.com"