As the online frontier continues to pose unique challenges for merchants tasked with protecting sensitive data supplied by their customers, the PCI Security Standards Council has released a set of supplementary guidelines covering ecommerce activity.

The impetus for this report was primarily community-driven, as an outpouring of questions from business owners and compliance officers prompted the association's leadership to establish a PCI Special Interest Group (SIG) dedicated to the issue. Since then, more than 60 banks, brands, data security auditors and technology vendors have collaborated to issue a more comprehensive list of recommendations.

"Ecommerce continues to be a target for attacks on card data, especially with EMV technology helping drive so much of the face-to-face fraud in Europe and other parts of the world," PCI Security Standards Council European director Jeremy King commented. "We are pleased with this guidance that will help merchants and others better understand how to secure this critical environment using the PCI standards."

PCI experts addressed topics such as common vulnerabilities and best practices in expanded detail, but the new resource also included a dedicated appendix chronicling the division of data compliance responsibilities between merchants and third-party partners in increasingly collaborative work environments.