PCI DSS

145dfdfe39f987b240313956a81652d1

Small Tech Firms Pursue Level 1 Service Provider PCI Compliance

July 01, 2012 Added by:Stacey Holleran

Small technology companies are finding themselves in a unique business situation as prospective clients increasingly request software applications and hosting solutions that can accommodate secure mobile payment transactions, bringing these technology companies to the forefront as “merchant service providers”...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Call Centers and PCI Compliance

June 28, 2012 Added by:PCI Guru

In a call center environment where operators are taking orders over the phone and accepting credit/debit cards for payment, until the card transaction is either approved or declined, we are talking pre-authorization data. Only cardholder data after authorization or decline is covered by the PCI DSS...

Comments  (2)

Fc152e73692bc3c934d248f639d9e963

More on PCI Scoping

June 22, 2012 Added by:PCI Guru

“At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope"...

Comments  (1)

Fc152e73692bc3c934d248f639d9e963

The Failure Of PCI?

June 13, 2012 Added by:PCI Guru

The biggest problem with PCI DSS standards comes down to the fact that humans are averse to being measured or assessed. Why? It makes people responsible and accountable for what they do, and few people want that sort of accountability – we all much prefer wiggle room in how our jobs are assessed...

Comments  (1)

37d5f81e2277051bc17116221040d51c

POS Skimming: Bad News for Banks and Merchants

June 12, 2012 Added by:Robert Siciliano

EFTPOS skimming — which stands for “electronic funds transfers at the point of sale” — involves either replacing the self-swipe point of sale terminals at cash registers with devices that record credit and debit card data, or remotely hacking a retailer’s POS server...

Comments  (0)

Ad5130e786d13531cc0f2cde32dacd0f

PCI’s Money Making Cash Cow Not So Good for the Industry

June 07, 2012 Added by:Andrew Weidenhamer

The level of scrutiny the PCI DSS has been subject to the last couple of years has been bad enough to accentuate it with the advent of the ISA program. The false sense of confidence the ISA program gives individuals is insanely bad for the industry. Like any other certification, the test isn’t difficult..

Comments  (1)

145dfdfe39f987b240313956a81652d1

Small Merchant Data Security: Helping Them Help Themselves

May 17, 2012 Added by:Stacey Holleran

Many small merchants—whether selling online or brick-and-mortar, or both—don’t have the technological background to understand the steps necessary for protecting the cardholder information and other sensitive data that passes through (and may be stored in) their business systems...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

A Reason Why the PCI Standards Get No Respect

May 11, 2012 Added by:PCI Guru

The PCI SSC only requires its assessors document the services they provide in their assessment reports. While that offers a certain amount of transparency, when you read some of these ROCs, it becomes painfully obvious that some QSACs are assessing their own security services...

Comments  (0)

8fcd3af85e00d8db661be6a882c6442b

What Good is PCI-DSS?

May 02, 2012 Added by:david barton

Credit card processors have valuable information that bad guys would love to get their hands on. So processors are the Fort Knox of the modern world. When bad guys are motivated, no amount of security can keep them out. Does that mean PCI-DSS standards are worthless?

Comments  (9)

Fc152e73692bc3c934d248f639d9e963

Another Year, Another QSA Re-Certification

April 26, 2012 Added by:PCI Guru

There is a lot of discussion on network segmentation, and this year’s presentation material indicates there are apparently still a lot of QSAs that do not understand the concept of network segmentation and what constitutes good segmentation from poor segmentation...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

When Will PCI SSC Stop the Mobile Payment Insanity?

April 10, 2012 Added by:PCI Guru

The merchant is left to their own devices to know whether any of these mobile payment processing solutions can be trusted. I am fearful that small merchants, who are the marketing target of these solutions, will be put out of business should the device somehow be compromised...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Financial Institutions – Your Time is Coming

April 04, 2012 Added by:PCI Guru

Most financial institutions purchase their software applications from third party development firms. With all of the regulatory changes going on in the financial institution industry, these software firms have been focused on those regulatory changes and not PCI compliance...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

On PCI DSS Compliance Certificates

March 28, 2012 Added by:PCI Guru

All of you processors and acquiring banks that think the only proof of PCI compliance is some mystical PCI DSS Compliance Certificate, stop demanding them. They do not exist and never have. The document you need for proof of PCI compliance is the Attestation Of Compliance, period...

Comments  (0)

A6f413a75686867ef5010ac90b5ceef9

Incident Response and PCI Compliance

March 25, 2012 Added by:Chris Kimmel

One question you should be asking your penetration testing company is, “Do you also test my incident response?” This is an important piece of PCI compliance. As stated by section 12.9 of the PCI DSS v2, a company must implement an IRP and be prepared to respond to an incident...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Data Classification and Controls Policy for PCI DSS

March 01, 2012 Added by:Danny Lieberman

The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...

Comments  (0)

9f19bdb2d175ba86949c352b0cb85572

Compliance in the Digital Era: Watch Out for the Third Party

February 24, 2012 Added by:Neira Jones

It is crucial that businesses understand which controls are needed to maintain the security of their information assets and it is therefore crucial that suppliers are assessed against the business regulatory and compliance framework...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »