The Payment Card Industry Security Standard Council issues the PCI DSS framework to provide standards and requirements for merchants accepting payment cards and, ultimately, to secure consumers' payment data. However, there is a specific and critical stage in the payment lifecycle that is currently absent from this framework – data creation. Websites are now a primary and growing entry/creation point for payment data.

This briefing explains the universal flaw, describes the attack methodology, discusses the benefits and limitations of various mitigation options, highlights the need for real-time prevention, and proposes requirements and a testing standard for website owners evaluating potential compensating controls. This white paper will discuss threats, caveats, and the impact of payment data exposure.
