PCI DSS

37d5f81e2277051bc17116221040d51c

Banks and Credit Card Issuers Move Toward Chip and PIN

December 20, 2011 Added by:Robert Siciliano

Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are all too easy to skim at ATMs and point of sale terminals...

Comments  (0)

Fe3139b2aae983885565da7757da08a8

Chatting With An Auditor About Credit Union Compliance

December 16, 2011 Added by:Ed Moyle

Credit unions, by virtue of their regulatory context, have more "interpretive latitude" in how technical security controls get implemented. Meaning they should try on PCI compliance before calling out merchants - especially the big ones - for having it soft...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI Compliance: What is In-Scope?

December 15, 2011 Added by:PCI Guru

You would think this question would be easy to answer when talking about the PCI standards because all that processes, stores or transmits cardholder data is in-scope. However, the nuances in the implementation of technological solutions do not always allow a black and white answer...

Comments  (1)

Fe3139b2aae983885565da7757da08a8

Google Wallet and the Edge of PCI’s Regulatory Map

December 14, 2011 Added by:Ed Moyle

Folks might object to sensitive data being stored in cleartext within Google Wallet - I sure do - but the problem isn't so much Google Wallet but instead the fact that mobile devices are blurring the lines between what's a payment application and what's not...

Comments  (0)

Ad5130e786d13531cc0f2cde32dacd0f

PCI DSS Risk SIG Announced: Results Will Be Interesting

December 12, 2011 Added by:Andrew Weidenhamer

The one that I am most interested in seeing is the results of is the Risk Assessment SIG. Although IT Risk Assessments has been a term that has been used for decades now, they are still rarely performed and almost always poorly when they are in regard to effectively considering threats...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Merchant Beware – New Mobile Payment Solution in the Wild

December 12, 2011 Added by:PCI Guru

Even if Square’s software encrypts the data, the underlying OS will also collect the data in cleartext. Forensic examinations of these devices have shown time and again that regardless of what the software vendor did, the data still existed in memory unencrypted...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI Compliance: On Redirects and Reposts

December 08, 2011 Added by:PCI Guru

A number of clients recently prompted me on my take regarding Redirects and Reposts as they attempt to shrink their PCI compliance footprint as small as possible. A lot of them like the idea of the repost because it requires only a simple change to their existing e-Commerce sites...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Controls Have to be Executed Perfectly Every Day

December 04, 2011 Added by:PCI Guru

Security is not perfect, and controls have to be executed perfectly every day, every year - else that is where things always go awry. If you execute controls consistently, your organization should be very difficult to compromise and the bad guys will find an easier target...

Comments  (0)

D15e0b682a84587af9af463961d00f22

e-Commerce Risks for Cyber Monday and the Holidays

November 28, 2011 Added by:John Nicholson

To deal with the potential volume, they can turn to cloud-based services to add capacity and prevent the site from crashing, but as we'll discuss below, the availability commitments made by many cloud services create their own risks...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Nearly 80% of Retailers' Data at High Risk

November 24, 2011 Added by:Robert Siciliano

Now, after five years of pushing standards out to merchants and retailers, a Verizon study has found that 79% of retailers are noncompliant. No matter how you slice it, retailers are a target and must employ multiple layers of fraud protection to thwart cyber criminals...

Comments  (0)

Ad5130e786d13531cc0f2cde32dacd0f

Decrypting QSA Qualifications in a Diluted Market Place

November 21, 2011 Added by:Andrew Weidenhamer

One of the biggest challenges is how to determine which 3rd party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Webcasts: PCI DSS Demystified and Mobile Device Security

November 14, 2011 Added by:Infosec Island Admin

This SC magazine free webcast was inspired by the spate of smaller companies being caught out recently by PCI loopholes then incurring massive reputational and financial damage as a result, plus another on what to do about security as iPads, Smartphones proliferate in the workplace...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

This Year’s PCI SSC SIG Proposals

November 02, 2011 Added by:PCI Guru

This SIG is to be created to guide merchants and service providers in what should be the result of a proper risk assessment, not create another risk assessment methodology. While such an Information Supplement is an admirable ideal, you understand why this SIG is a losing proposition...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Javelin Study Shows Increased Credit Card Fraud Risk

November 01, 2011 Added by:Robert Siciliano

Not a week goes by when we don’t hear of another major breach affecting thousands or even millions of customer accounts. Criminal hackers are getting smarter and savvier all the time, and they often have better technology than the banks and retailers tasked with protecting your data...

Comments  (0)

1156f97fa8f23821bd838fe7d9283d90

Welcome to the PCI Prioritization Approach

October 27, 2011 Added by:David Sopata

Organizations often start implementing security controls on all of their systems throughout the company without really knowing what systems should be in scope or which systems should not be in scope for PCI. Hence, the PCI DSS Prioritization Document and Tool was developed...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI and the Insider Threat

October 24, 2011 Added by:PCI Guru

The biggest problem with the insider threat is that it does not matter how much technology you have to protect your assets as it only takes one person in the right place to neutralize every last bit of your security solutions. Just ask anyone any of the recently breached organizations...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »