February 19, 2009, 12:00 AM

Online retailers should abide by federal as well as PCI security guidelines

The Internet Crime Complaint Center offers a lot of security tips that can help online retailers better meet Payment Card Industry Data Security Standard guidelines, security experts say.

Paul Demery

Managing Editor, B2B E-commerce

 

The Internet Crime Complaint Center, a federal government-backed organization commonly known as IC3, offers a lot of security tips that can help online retailers better meet Payment Card Industry Data Security Standard guidelines, security experts say.

“IC3 guidelines are best practices that help online merchants get ready to meet PCI security levels,” says Andrew Lauter, chief technology officer with Accertify Inc., a provider of technology and services for preventing fraud in card-not-present payment transactions. Payment Card Industry Data Security Standard guidelines, often referred to simply as PCI, provide several steps that retailers are expected to follow to prevent the theft of consumer payment account data from their networked databases.

The IC3, located on the web at IC3.gov, operates as a partnership of the Federal Bureau of Investigation, the National White Collar Crime Center of the U.S. Department of Justice, and the Bureau of Justice Assistance, a non-profit organization supported by the Justice Department.

One of the IC3’s guidelines, for example, is to disable procedure calls that can enable criminals to launch successful SQL server attacks, primarily against Microsoft SQL servers. The IC3 specifies that companies should disable procedure calls known as xp_cmdshell, OPENROWSET and OPENDATASOURCE. If a merchant needs to use these procedure calls, which are designed to pull information from databases, it should install special IP filters on its SQL servers, the IC3 says.
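As an added illustration (not taken from the IC3 guidance or from this article), the T-SQL below shows one way a database administrator could audit and switch off these features. It assumes Microsoft SQL Server 2005 or later, where xp_cmdshell is governed by the `xp_cmdshell` server option and ad hoc OPENROWSET/OPENDATASOURCE calls by the `Ad Hoc Distributed Queries` option, and an account with ALTER SETTINGS permission.

```sql
-- Added example: audit and disable xp_cmdshell and ad hoc
-- OPENROWSET/OPENDATASOURCE on Microsoft SQL Server 2005 or later.
-- Assumes the login has ALTER SETTINGS (sysadmin or serveradmin).
USE master;

-- 1. Record the current state before changing anything.
SELECT name,
       CAST(value AS int)        AS configured_value,
       CAST(value_in_use AS int) AS running_value
FROM sys.configurations
WHERE name IN (N'xp_cmdshell', N'Ad Hoc Distributed Queries');

-- 2. List principals explicitly granted rights on xp_cmdshell, so that
--    leftover grants are reviewed rather than silently kept.
SELECT pr.name AS principal_name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID(N'xp_cmdshell');

-- 3. Both options are "advanced", so expose them, turn them off,
--    then hide advanced options again (assumes they were hidden before).
EXEC sp_configure N'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure N'xp_cmdshell', 0;
EXEC sp_configure N'Ad Hoc Distributed Queries', 0;
RECONFIGURE;
EXEC sp_configure N'show advanced options', 0;
RECONFIGURE;

-- 4. Verify the running values; raise an error if either is still on
--    so a scheduled compliance job fails visibly.
IF EXISTS (SELECT 1
           FROM sys.configurations
           WHERE name IN (N'xp_cmdshell', N'Ad Hoc Distributed Queries')
             AND CAST(value_in_use AS int) <> 0)
    RAISERROR(N'xp_cmdshell or Ad Hoc Distributed Queries is still enabled.', 16, 1);
ELSE
    PRINT N'xp_cmdshell and Ad Hoc Distributed Queries are disabled.';
```

The `Ad Hoc Distributed Queries` option does not cover `OPENROWSET(BULK ...)`, which is controlled by bulk-operation permissions and needs a separate review.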

Other IC3 guidelines cover the number of characters in web page addresses and steps to secure dynamic web site content.

 

 
