PCI DSS

Fc152e73692bc3c934d248f639d9e963

When Will PCI SSC Stop the Mobile Payment Insanity?

April 10, 2012 Added by:PCI Guru

The merchant is left to their own devices to know whether any of these mobile payment processing solutions can be trusted. I am fearful that small merchants, who are the marketing target of these solutions, will be put out of business should the device somehow be compromised...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Financial Institutions – Your Time is Coming

April 04, 2012 Added by:PCI Guru

Most financial institutions purchase their software applications from third party development firms. With all of the regulatory changes going on in the financial institution industry, these software firms have been focused on those regulatory changes and not PCI compliance...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

On PCI DSS Compliance Certificates

March 28, 2012 Added by:PCI Guru

All of you processors and acquiring banks that think the only proof of PCI compliance is some mystical PCI DSS Compliance Certificate, stop demanding them. They do not exist and never have. The document you need for proof of PCI compliance is the Attestation Of Compliance, period...

Comments  (0)

A6f413a75686867ef5010ac90b5ceef9

Incident Response and PCI Compliance

March 25, 2012 Added by:Chris Kimmel

One question you should be asking your penetration testing company is, “Do you also test my incident response?” This is an important piece of PCI compliance. As stated by section 12.9 of the PCI DSS v2, a company must implement an IRP and be prepared to respond to an incident...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Data Classification and Controls Policy for PCI DSS

March 01, 2012 Added by:Danny Lieberman

The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...

Comments  (0)

9f19bdb2d175ba86949c352b0cb85572

Compliance in the Digital Era: Watch Out for the Third Party

February 24, 2012 Added by:Neira Jones

It is crucial that businesses understand which controls are needed to maintain the security of their information assets and it is therefore crucial that suppliers are assessed against the business regulatory and compliance framework...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Why The Push For EMV Adoption In The United States?

February 20, 2012 Added by:PCI Guru

What is Visa USA trying to prove with this push of EMV? Apparently only Visa USA can tell us because, for the rest of us, there are no business cases we can construct to justify the switch to EMV. Obviously, Visa USA knows something that the rest of us do not. Or do they?

Comments  (2)

9f19bdb2d175ba86949c352b0cb85572

Incident Response: Have You Got a Plan?

February 06, 2012 Added by:Neira Jones

We should always aim to reduce the frequency of security incidents by effectively securing networks, systems, applications and have the appropriate policies and processes in place, and the NIST report helps in providing guidelines on responding to incidents effectively...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Google Wallet and PCI Compliance

January 30, 2012 Added by:PCI Guru

Hackers could decrypt the PAN given the high likelihood that the PIN to decrypt the PAN could be derived from information on a smartphone. The nightmare scenario would be development of malware delivered through the smartphone’s application store that harvests the PII...

Comments  (0)

Ad5130e786d13531cc0f2cde32dacd0f

Restaurant Challenges US Bank and PCI DSS after Seizure of Funds

January 26, 2012 Added by:Andrew Weidenhamer

"The PCI system is less a system for securing customer card data than a system for raking in profits for the card companies via fines and penalties. Visa and MasterCard impose fines on merchants even when there is no fraud loss at all, simply because the fines are profitable...”

Comments  (1)

Ee445365f5f87ac6a6017afd9411a04a

Standards, Audits, and Certifications: Which One is Right?

January 10, 2012 Added by:Jon Long

Many are confused about when to use ISO 27001 certification, PCI certification, SOC 1 (aka SSAE16), SOC 2 & 3, NIST, and CSA STAR. If the information security community cannot decide which one to standardize on, how can customers be expected to know what to do?

Comments  (16)

099757b145caa6965ea51494adbc25ba

On Vulnerability Assessments and Penetration Tests

January 10, 2012 Added by:Drayton Graham

Simply put, a Vulnerability Assessment is a piece of code that will identify and report on known vulnerabilities, but a scanner will likely run into false positives. A Penetration Test goes a step further in that a human exploits vulnerabilities, but false positives do not exist...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

The MPLS Privacy Debate Continues

December 21, 2011 Added by:PCI Guru

Given that at some point MPLS traffic has to technically co-mingle with other customers’ network traffic, how can the PCI SSC claim that MPLS is private? The answer is a bit disconcerting to some, but for those of us with an understanding of the engineering issues, it was expected...

Comments  (1)

37d5f81e2277051bc17116221040d51c

Banks and Credit Card Issuers Move Toward Chip and PIN

December 20, 2011 Added by:Robert Siciliano

Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are all too easy to skim at ATMs and point of sale terminals...

Comments  (0)

Fe3139b2aae983885565da7757da08a8

Chatting With An Auditor About Credit Union Compliance

December 16, 2011 Added by:Ed Moyle

Credit unions, by virtue of their regulatory context, have more "interpretive latitude" in how technical security controls get implemented. Meaning they should try on PCI compliance before calling out merchants - especially the big ones - for having it soft...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI Compliance: What is In-Scope?

December 15, 2011 Added by:PCI Guru

You would think this question would be easy to answer when talking about the PCI standards because all that processes, stores or transmits cardholder data is in-scope. However, the nuances in the implementation of technological solutions do not always allow a black and white answer...

Comments  (3)

Page « < 8 - 9 - 10 - 11 - 12 > »