Ecommerce is booming – and so are online threats. With urgent business demands for improved website performance, cross-channel data integration and other issues, are ecommerce companies doing enough to protect customer and critical business data?

I recently reviewed a number of annual reports, quarterly reports and similar filings to learn more about how large corporations are publicly talking about cybersecurity and the threats they face.

This post continues the discussion on the steps merchants can take to better address challenges with ongoing PCI compliance: embedding security controls into everyday processes, performing regular PCI health checks, and preparing for assessments with an organized plan.

Across the US and the UK, adoption of the Payment Card Industry or PCI compliance requirements is slowly gaining momentum, at least among larger merchants. However, problems remain. Many of these organizations are finding that they are now ill-equipped for their next round of assessments, despite having successfully met PCI requirements previously, as demonstrated by a Report on Compliance (ROC) or Self-Assessment Questionnaire (SAQ).

New Report on Compliance (ROC) documentation requirements mean that Payment Card Industry Data Security Standards (PCI DSS) assessments will require additional effort from both merchants and Qualified Security Assessors (QSAs), so plan accordingly.

With an app and a plug-in card reader, even the smallest merchants can accept payment card transactions – but what about PCI compliance?

Yesterday on NBC's Today Show, Dell SecureWorks and CTO Jon Ramsey were asked to investigate an online real estate property scam. Watch the segment here

In Die Hard 2, a group of terrorists virtually take over an airport, knocking the legitimate air control systems offline and replicating those same systems from a different location. In this way they control the airspace over the airport and the planes in the air know nothing is wrong.

Security incidents happen. You need an effective plan to stop an incident from spreading. Eric Browning, a senior security engineer from Dell SecureWorks, discusses how organizations can prepare for success when their network is threatened.

I have been to several PCI Council community meetings now, and I am still amazed at some of the questions that are asked in the general sessions. Clearly more clarifications are needed to the PCI DSS guidelines, because a lot of folks still don't understand which requirements apply in certain situations and what controls will satisfy the intent.