PCI Security Standards Council releases new security mandates that e-commerce enterprises must follow
E-commerce enterprises could be penalized if they do not abandon their outdated security protocols. The PCI Security Standards Council has released mandates that businesses must follow, requiring retailers to move away from Secure Sockets Layer (SSL) and embrace Transport Layer Security (TLS) protocols. SSL is a standard security technology that establishes an encrypted connection between a server and the clients accessing it, but this technology is growing outdated, especially as cyber attacks become more sophisticated.
Digital attacks are becoming a major threat for the e-commerce world
The PCI Security Standards Council has introduced new security mandates as a response to recent, high-profile digital threats, such as Heartbleed and Shellshock. These threats have caused significant turmoil in the digital space, and e-commerce enterprises may be exposed to risks that have yet to be detected. The organization is now urging e-commerce companies to make changes to their web servers so that they are compatible with TLS protocols. These companies are also being tasked with abandoning SSL support.
Security standards may have an impact on the mobile commerce space as well
These new security mandates will also affect the mobile commerce space. The mobile space has become a valuable target for malicious groups that aim to exploit financial information. Commerce applications are still relatively new, and the companies responsible for these apps are not yet well versed in the various risks that exist in the digital space. As such, many apps lack the security they need to find mainstream success and adoption. New security standards could help solve this problem, offering consumers peace of mind when they participate in mobile commerce.
Many companies are still not fully compliant with security standards from the PCI Security Standards Council
Notably, many companies still fail to comply with security mandates issued by the PCI Security Standards Council. According to a recent survey from Verizon, 28% of companies are not fully compliant with security standards nearly a year after they received validation for their security protocols. This could become problematic, as these companies may be unnecessarily exposing themselves to digital risks.