Penetration Testing Needed; New PCI Standards Not Being Met

Ecommerce holiday orders will start arriving very soon and Internet retailers are feverishly making last-minute adjustments to handle the rush. There is obviously much to be concerned with, from natural search and advertising to user experience and analytics. Above all else, however, merchants should be addressing the role of security. 


The most recent version of the Payment Card Industry Data Security Standard (PCI DSS 3.0) will require that Internet retailer implement and perform penetration testing. The new standard carries the different methods of security authentication and session management so businesses can protect against man-in-the-middle, man-in-the-browser and other similar cyber-attack methods. A new study from Tripwire, however, reveals that the retail industry hasn't yet implemented these new security requirements and that could result in a big 'ol lump of coal come Christmas.


The security and compliance management solution found that just 41 percent of the retail sector currently uses penetration testing to identify security risks, and only 44 percent has either fully or partially deployed file integrity monitoring in place. And if you're a higher-up in your retail enterprise you better make every effort to get a clear picture of what's happening - 62 percent of the IT professionals surveyed say that negative facts about security risks are filtered before being communicated with senior executives.