Skip to Main Content
Credit card fraud on the Internet is a serious and growing issue. Many criminals have hacked into merchant databases to obtain cardholder details enabling them to conduct fake transactions or to sell the details in the digital underground economy. The card brands have set up a standard called PCI DSS to secure credit card details when they are stored online. We investigate the standard and find significant flaws especially in its requirements on small businesses. Finally, we propose some general rules for the secure management of online data.