Passing the PCI Buck: Processor Capabilities Minimize Compliance Costs
This is an archived webinar that was held live on Thursday, February 25, 2010. July 2010 is the deadline for Level 4 merchants...
Payments & Security
A Quick Look at Stripe Payments
Stripe is a new, full-stack payment processor that helps developers add credit card processing to a website very quickly and without worrying about most Payment Card Industry (PCI) requirements. Launched just two months ago, Stripe could be the m...
Eliminating PCI Scope with Authorize.Net's Direct Post Method
Authorize.Net's Direct Post Method allows developers to use a robust payment processing system and maintain full control of the shopper's checkout experience without incurring the burden of Payment Card Industry Data Security Standards (PCI DSS). ...
5 Reasons to Avoid the Cloud
Editor's Note: The recent crash of Amazon Web Services' servers has caused many observers to reassess cloud computing, storing data in cloud servers, and the general reliability of that setup. Amazon's servers, to be sure, are back up and function...
Decoding PCI DSS Requirement 3: Protect Stored Cardholder Data
Credit card data is just as vulnerable to hackers when it’s resting, as when it’s in use. Provisions in Requirement 3 of the Payment Card Industry Data Security Standard (PCI DSS) direct web application developers and IT departments to ensure pers...
Deploying a Secure Ecommerce Application in the Cloud
As cloud computing continues to move from "early adopters" to the "early majority," many online retailers are starting to evaluate the cloud as a valuable alternative. Lower upfront and running capital expenses, lower operation expenses, faste...
Decoding PCI DSS Requirement 6: Develop and Maintain Secure Systems and Applications
The main directive of the Payment Card Industry Data Security Standard (PCI DSS) Requirement 6 is to "develop and maintain secure systems and applications." At a high level, the requirement seems reasonable and the language in the title is simple ...
Decoding PCI DSS Requirement 4: Encrypting and Storing Credit Card Data
Data encryption seems complicated, and in most cases it lives up to that complexity. This is especially when encryption requirements go beyond the basics, such as names and passwords, to include highly confidential information like social security...
Code Signing 101: Providing End-User Peace of Mind
Most new software is designed to be downloaded and upgraded directly from the Internet, allowing developers and web publishers to offer more choice and customization than ever before. These innovative applications enhance websites, mobile device...
Apple, Adobe, and Web Apps Need to do More for Security
Web developers concerned about security vulnerabilities in the web pages and applications they create and in the software they use got surprising news this weekend when a renowned hacker said that Apple, Adobe, and web applications were behind Mic...
Audio Interview: Bryan Johnson & Dan Manges of Braintree Payment Solutions
Bryan Johnson is the CEO of Braintree Payment Solutions, the card-not-present processing solution company whose transparent redirect can take a mer...
Understanding the PCI Compliance Pie and the Developer's Slice of It
When you develop websites that collect credit card payments, part of your responsibility is to establish and maintain the sites' PCI compliance. If followed properly, the Payment Card Industry Data Security Standard (PCI DSS) does an effective j...
Audio Interview: Chris Drake, FireHost CEO
Chris Drake is the founder and CEO of FireHost where his main responsibility is solving customers’ problems. “It’s not about secure hosting featu...
Tokenization Eases PCI Burden
Segmenting credit card data and using tokenization greatly reduces the scope of the Payment Card Industry's (PCI) Data Security Standard (DSS), making it easier for small merchants—and the developers that support them—to protect customer credit ca...
"PCI DSS is No Game" Contest, Win $50 Gift Card from Jinx
The Payment Card Industry Data Security Standard (PCI DSS) is the most important standard in ecommerce web development. As a web developer or as an ecommerce business owner, you must take every possible step to secure customer credit card data. N...
Top Five Application-Security Risks for 2010
It wouldn't be the new year without a "best of" or a "top ten" list. For my list, I’ve chosen to expand upon OWASP's (Open Web Application Security Project) recap of the top application security threats to look out for next year. So here they ar...
Audio Interview: Rick Wilson, Executive VP at Miva Merchant
Miva Merchant is pioneer in the shopping cart industry. First launched in 1995, it rose and then fell with the dotcom boom and bust. Executive Vice...
Credit Card Processing: Between a Rock (Hackers) and a Hard Place (Compliance)
For many ecommerce developers, the thought of designing a system to store the credit card data of their clients’ customers is chilling. For good reason. Determined hackers can compromise the most sophisticated network by combining simple, free to...