Many merchants who run an e-commerce website have probably heard the term PCI Compliance, but not all of them understand what it really means for their online business. Below we explain briefly what PCI compliance is and why it matters for your e-commerce store.
What is PCI Compliance?

First, you should understand that PCI Compliance is not a law or a government regulation. Its correct name is PCI DSS, which stands for "Payment Card Industry Data Security Standard", and it refers to a standard with security requirements that all merchants, large or small, must comply with.
Every merchant must comply with PCI, even if they do not handle a large volume of transactions or they use third-party providers, such as hosted e-commerce platforms, to handle credit card information. For merchants who outsource their payment processes in this way, the PCI scope is usually smaller and the validation requirements are lighter, but they do not disappear.
PCI compliance applies to any business

Many e-commerce merchants think PCI compliance does not apply to their businesses because they are too small. In fact, the standard applies to any company that processes, stores or transmits payment card data. If, as the owner of an e-commerce store, you do not take security seriously and a breach leads to the theft of customer information, you could face very serious consequences.
Consequently, PCI Compliance is mandatory if credit card payments are accepted; failure to comply can lead to contractual fines, additional incident costs, higher acquiring costs and, in the worst cases, loss of the ability to process cards. Hence the importance of PCI compliance for e-commerce, and of being as trustworthy as possible to your customers.
Key PCI DSS requirements: goals and controls
PCI DSS groups its controls into 6 goals and 12 technical and organizational requirements that strengthen security:
- Build and maintain a secure network: 1) a properly configured firewall; 2) change default credentials.
- Protect cardholder data: 3) protect stored data; 4) encrypt data in transit over public networks.
- Manage vulnerabilities: 5) up-to-date antivirus/antimalware; 6) patching and secure development.
- Control access: 7) access based on need to know; 8) unique ID and MFA; 9) physical controls.
- Monitor and test: 10) logging and traceability of access; 11) periodic testing and scanning.
- Security policy: 12) governance and training for all staff.
Good practices include: network segmentation, tokenization to reduce stored data, penetration testing, and semi-annual review of firewall rules.
Compliance levels and validation

- Level 1: more than 6 million transactions per year. Requires a ROC by a QSA or a trained internal auditor, an annual AOC and quarterly ASV scans.
- Levels 2–4: lower volume. They require an annual SAQ (the type depends on the integration: e.g., A, A-EP, D), an AOC and, where applicable, quarterly ASV scans.
These requirements are contractual obligations with the card brands. Failure to comply can lead to financial and operational consequences.
How to achieve and maintain compliance in e-commerce
1) Reduce scope: use hosted gateways, tokenization and segmentation so that your environment handles as little sensitive data as possible.
2) Harden configuration: remove default passwords, enforce MFA and the principle of least privilege.
3) Protect data: encrypt in transit (strong TLS) and, if data is stored, encrypt it with secure key management.
4) Continuous monitoring: SIEM, log retention, alerts and quarterly ASV scans.
5) Testing: periodic testing and remediation of findings.
6) Vulnerability management: inventory, patching and antivirus.
7) Policies and training: staff awareness and incident response.
8) Documentation: prepare the SAQ/ROC and AOC with up-to-date evidence.
Payment gateways and digital wallets
Payment gateways and digital wallets, such as paysafecard, must also comply with PCI DSS. Their certifications help reduce the merchant's scope, but they do not exempt you from complying with the controls that apply in your own environment (e.g., web security, access management and logs).
Protected data and good practices
PCI protects information such as the PAN (card number), cardholder name, expiration date, service codes, track data and sensitive authentication data such as the CVV and PIN (the latter must never be stored). Key recommendations: do not retain data unless it is necessary, minimize your retention, and use tokenization.
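A check for the data elements named above, as an added example that is not part of the original article: it scans application log lines for card numbers (validated with the Luhn checksum) and for CVV/PIN fields, and redacts them before the logs are retained. The field names, the first-six/last-four mask format and the sample lines are assumptions made for this illustration.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Field names suggesting sensitive authentication data (assumed naming).
SAD_RE = re.compile(r"\b(cvv2?|cvc2?|cid|pin)\b\s*[=:]\s*\d{3,6}", re.I)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep the first six and last four digits, mask the rest (assumed format)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_line(line: str):
    """Return (redacted_line, findings) for one log line."""
    findings = []

    def _pan(m):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # fails Luhn, not a card number: leave untouched
        findings.append("PAN")
        return mask(digits)

    def _sad(m):
        findings.append("SAD:" + m.group(1).lower())
        return m.group(1) + "=[REMOVED]"

    redacted = SAD_RE.sub(_sad, PAN_RE.sub(_pan, line))
    return redacted, findings

# Constructed sample log lines; 4111 1111 1111 1111 is a common test card number.
SAMPLE = [
    "2024-01-01 order=1001 card=4111 1111 1111 1111 cvv=123 status=ok",
    "2024-01-01 order=1002 tracking=1234567890123456 status=shipped",
    "2024-01-01 order=1003 token=tok_abc123 status=ok",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(scan_line(entry))
```

The Luhn step is what keeps 16-digit order or tracking numbers from being reported as card data; any line with findings indicates a component that is still in PCI scope.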
Benefits and risks
Complying with PCI DSS reduces fraud, protects your reputation and improves customer confidence. Non-compliance exposes you to breaches, potential fines, mandatory forensic reviews, and loss of the ability to accept cards.
Adopting PCI DSS builds a culture of security by design that prevents costly incidents, makes audits easier, and ensures a smooth and trustworthy payment experience for your customers.
