The Payment Card Industry Security Standards Council recently released the PCI DSS E-commerce Guidelines Information Supplement. This document is an excellent resource for any developer engaged in an e-commerce project involving card payments. It provides an introduction to e-commerce security and guidance in the following key areas:
- E-commerce Overview – an explanation of typical e-commerce components and common implementations, with high-level PCI DSS scoping guidance to consider for each.
- Common Vulnerabilities in E-commerce Environments – vulnerabilities often found in web applications (such as e-commerce shopping carts), so that developers can emphasize security when developing or choosing e-commerce software and services.
- Recommendations – best practices that developers can leverage to help secure their clients' e-commerce environments, as well as a list of recommended industry and PCI SSC resources to leverage in e-commerce security efforts.
The guidelines can be found here: https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_eCommerce_Guidelines.pdf
After you've read the document, come back and let us know if you found it helpful.
Richard