Skip to main content

Best Practices for Securing E-Commerce

An e-commerce solution comprises the software, hardware, processes, services, and methodology that enable and support these transactions. Merchants choosing to sell their goods and services online have a number of methods to consider. Merchants may also choose to maintain different levels of control and responsibility for managing the supporting information technology infrastructure. For example, a merchant may choose to manage all networks and servers in-house, outsource management of all systems and infrastructure to hosting providers and/or e-commerce payment processors.

Merchants may also decide to engage a third party to perform services that support their e-commerce solution. The service provider or the services may be considered in scope for a merchant’s PCI DSS compliance if the security of the solution is impacted by this service and the service provider has not performed its own assessment. For more information, see the section on “Use of Third-Party Service Providers/Outsourcing” in the PCI DSS.

The cardholder's data may be affected as per the following:

a) Software development on behalf of the merchant
b) Hosted website, either fully or partially managed by the solution provider
c) Hosted data center/network/physical systems in support of a website
d) Shopping-cart software (including software that hands off transactions or customer information to other systems)
e) Order-management software such as chargebacks, returns, etc. that may have access to cardholder data
f) Other hosting options (offline data storage, backups, etc.)—depending on whether the data is encrypted and whether the service provider has access to the decryption keys
g) Merchant plug-ins to support payment brand and issuer authentication mechanisms
h) Managed services, including WAF or log-management services

File Type: PDF
File Size: 1.46 MB
Total Pages: 65

Direct Link Mega:
Download Now
Direct Link AnonFiles:
Download Now
Direct Link Mediafire:
Download Now
Direct Link Solidfiles:
Download Now
Direct Link Sabercathost:
Download Now
Direct Link Tusfiles:
Download Now


Popular posts from this blog

Web Hacking 101

With a Foreword written by HackerOne Co-Founders Michiel Prins and Jobert Abma, Web Hacking 101 is about the ethical exploration of software for security issues but learning to hack isn't always easy. With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different. Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties.

Hack-X-Crypt (By Ujjwal Sahay)

This is basically a straight forward guide towards ethical hacking and cyber security.Computer hacking is the practice of altering computer hardware and software to carry out a goal outside of the creator‘s original intention. People who slot in computer hacking actions and activities are often entitled as hackers. The majority of people assume that hackers are computer criminals. They fall short to identify the fact that criminals and hackers are two entirely unrelated things.

High Performance Cloud Auditing

This eBook mainly focuses on cloud security and high performance computing for cloud auditing. The eBook discusses emerging challenges and techniques developed for high performance semantic cloud auditing, and presents the state of the art in cloud auditing, computing and security techniques with focus on technical aspects and feasibility of auditing issues in federated cloud computing environments.