PCI DSS Compliance for Your Ecommerce Site | The Journey - YouTube

Channel: GoDaddy

Welcome to The Journey. Today we're talking about PCI DSS compliance for your ecommerce site.

All right, today we have our special guest Alicia from Security. She is the security expert today, to talk about PCI DSS compliance. Now, other than just a super long acronym, what is it?

So PCI DSS stands for the Payment Card Industry Data Security Standards, and it's a set of regulations that were actually created by the major credit card companies. So Visa, MasterCard, all those big ones, they got together and they created a list of standards on how people should be using credit card data to keep cardholders safe.

Okay, so that's literally anything credit card, right?

Totally, yeah. If you're taking credit cards over the phone, if you have a brick-and-mortar store, or if you have an e-commerce store, you need to be PCI compliant.

All right, so why is this PCI DSS compliance a thing?

Well, it's really to keep consumers safe, right? If you're using a credit card online, you want to feel like you're doing so safely, and so it's a way to make sure that they're penalizing organizations who are not taking care of your credit card data. So 57% of consumers actually lose trust in an organization after knowing that there was a data breach on the site.

Wow, that's scary, right? So what happens if we're not compliant?

There can be a lot of different things that could happen if you're found to be non-compliant after a data breach has occurred. Probably the worst one is that you can actually lose the ability to process credit card transactions, even if you're using a third-party payment processor.

Yeah, so that's not ideal. That could, like, tank your whole business if you can't take credit cards online.

But yeah, you can also be fined. There can be hefty fines if you're found to be an offender. Those fines look like they could be tens of thousands of dollars for a very small business.

All right, so I'm an ecommerce site. I know I need to be PCI compliant. What does that actually mean? What are the actions that I need to take?

For sure. So probably the most important thing is to get over to the PCI Security Standards website and take the self-assessment questionnaire. Some of the requirements have to do with, like, having a website firewall to make sure that you're only allowing in good traffic and blocking malicious attackers. Obviously changing default passwords, things like that, are really important. But also there's requirements about protecting cardholder data: how do you store the data, how do you transmit the data. Using an SSL certificate is very important to make sure that when people are typing in their credit card on your website, when they hit send, it's being scrambled while it's being sent.

Right. I mean, you taught me this: there's no one in the middle just sniffing out that traffic, right?

Exactly. I think what's important to remember is, like, there's a lot of things that you have to do to become PCI compliant, but it's about protecting your business and protecting your customers at the end of the day. On the security blog we talk a lot about different types of Magento credit card stealers, but those can impact any e-commerce site or e-commerce plugins. Or it can even happen where, instead of, you know, actively stealing the credit card information from your site, they could actually infect your website and redirect people from your payment gateway to a malicious one that looks like your payment gateway. So not only are you losing sales, but your customers are having their data, their credit cards, stolen too. So it's doubly awful.

You were telling me that was happening with, like, PayPal. They would basically make a site that looked exactly like PayPal, so nobody was the wiser, and that is just awful.

Yeah, basically they're phishing your customers by putting up a site that looks very similar. It's a really terrible problem, and hackers are getting better at making really convincing phishing pages.

Right, that's super hard to track too, because you don't know. You just think your sales are just going down, and you're trying to figure out how to boost it.

Totally. It could be, like, one in every three sales that they're redirecting, and you're none the wiser. So that's why it's important to have a website firewall and to also protect your website as well as whatever you're using to process credit card transactions.

So thank you so much for taking us through just an overview of PCI DSS compliance. I know it's a lot, but you've been awesome. Thank you so much.

It was awesome to be here.

We'll have some more resources down in the description below. Make sure you like this video, add a comment on something that you learned. While you're there, subscribe to this channel, ring that bell so you're the first to know when these videos are coming out. This is The Journey. We'll see you next time.