The PCI Security Standards Council has released its new PCI DSS eCommerce Guidelines for online security. The guide comes with a checklist of security recommendations and reminders for merchants and third-party providers.
“Fraud is moving down the chain to the card-not-present environment, and we’re seeing the same old things leading to the compromises,” said Bob Russo, general manager of the PCI Security Standards Council. “Take SQL injection. It’s an exploit that is 12 years old, and there are so many ways to prevent this. But we still see sites getting exploited by SQLs over and over again.”