POS and Jewelry Website Software Security

This is part 4 in our series about compliance requirements with the PCI Data Security Standards (PCI DSS).

We've taken the last 3 Daily Nuggets to explain items #1 and #2 shown below. We know this information is both boring and frightening at the same time. It's a necessary evil in understanding what you need to do for website security and jewelry store network security.

The PCI Security Standards Council created the PCI standards to protect cardholder information from being stolen.

Here's our list of topics with links next to the previous day's Nuggets.

Introduction: You will hate PCI compliance too
1. Storing cardholder data on your website
2. Protecting internal and wireless networks in your store
3. Security used in payment card applications
4. Controlling which of your employees has access to cardholder data
5. Frequency of testing and reporting

3. Security used in payment card applications

Unless you are developing your own software, you really won't have control over the security used in the payment card applications you use. These "applications" refer to the internal communication between your point-of-sale computer and your payment processing company, and the communication between your website and your online payment processing company.

To accept online customer payment card information, you need to set up a secure certificate on your website. The secure certificate encrypts all communications so no one can eavesdrop and capture the credit card information as it's being sent to you.

Similarly, your website or POS needs to encrypt all communications to and from the payment processing company. As we said, this is usually out of your control, but there are steps to ensure you are protected.

The PCI Security Standards Council publishes a list of all certified software companies that have passed PCI Compliance testing. This full list of software companies is quite long, but you probably won't find any jewelry POS listed on it. You will find a few of the popular e-commerce gateway programs, but even that specific list is very short.

Don't worry though; just make sure your website company and your POS company state their PCI Compliance in their sales literature or contracts.

With regard to your website, even if your web development company or website software says it's PCI compliant, you will need to prove it. That proof is done through routine testing for security holes, which we will explain on Wednesday this week.

We're not trying to frighten you with all these technical security worries; we just want to make sure you understand them. If you're serious about creating an e-commerce jewelry website, you need to have a basic understanding of this stuff.
AT: 04/16/2012 09:29:35 PM