Blog Posts Tagged with "Merchants"

PA-DSS Validation Clarification

August 09, 2012 Added by: PCI Guru

The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...

Comments  (0)

Small Tech Firms Pursue Level 1 Service Provider PCI Compliance

July 01, 2012 Added by: Stacey Holleran

Small technology companies are finding themselves in a unique business situation as prospective clients increasingly request software applications and hosting solutions that can accommodate secure mobile payment transactions, bringing these technology companies to the forefront as “merchant service providers”...

Comments  (0)

Underground Financial Networks

June 26, 2012 Added by: gaToMaLo r. amores

Greendot and other Reloadable debit cards are not a safe means of conducting anonymous financial transfer. The financial networks created by these cards are very prone to network analysis. There is an unacceptable amount of cross network contamination for vendors...

Comments  (4)

More on PCI Scoping

June 22, 2012 Added by: PCI Guru

“At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope”...

Comments  (1)

The Failure Of PCI?

June 13, 2012 Added by: PCI Guru

The biggest problem with PCI DSS standards comes down to the fact that humans are averse to being measured or assessed. Why? It makes people responsible and accountable for what they do, and few people want that sort of accountability – we all much prefer wiggle room in how our jobs are assessed...

Comments  (1)

Global Payments Breach May Include Merchant Account Data

June 13, 2012 Added by: Headlines

"The Company's ongoing investigation recently revealed potential unauthorized access to servers containing personal information collected from a subset of merchant applicants. It is unclear whether the intruders looked at or took any personal information... however, the Company will notify potentially-affected individuals..."

Comments  (0)

POS Skimming: Bad News for Banks and Merchants

June 12, 2012 Added by: Robert Siciliano

EFTPOS skimming — which stands for “electronic funds transfers at the point of sale” — involves either replacing the self-swipe point of sale terminals at cash registers with devices that record credit and debit card data, or remotely hacking a retailer’s POS server...

Comments  (0)

Small Merchant Data Security: Helping Them Help Themselves

May 17, 2012 Added by: Stacey Holleran

Many small merchants—whether selling online or brick-and-mortar, or both—don’t have the technological background to understand the steps necessary for protecting the cardholder information and other sensitive data that passes through (and may be stored in) their business systems...

Comments  (0)

A Reason Why the PCI Standards Get No Respect

May 11, 2012 Added by: PCI Guru

The PCI SSC only requires its assessors document the services they provide in their assessment reports. While that offers a certain amount of transparency, when you read some of these ROCs, it becomes painfully obvious that some QSACs are assessing their own security services...

Comments  (0)

Another Year, Another QSA Re-Certification

April 26, 2012 Added by: PCI Guru

There is a lot of discussion on network segmentation, and this year’s presentation material indicates there are apparently still a lot of QSAs that do not understand the concept of network segmentation and what constitutes good segmentation from poor segmentation...

Comments  (0)

When Will PCI SSC Stop the Mobile Payment Insanity?

April 10, 2012 Added by: PCI Guru

The merchant is left to their own devices to know whether any of these mobile payment processing solutions can be trusted. I am fearful that small merchants, who are the marketing target of these solutions, will be put out of business should the device somehow be compromised...

Comments  (0)

PCI: When a Breach is Not a Breach

March 08, 2012 Added by: PCI Guru

The lawsuit points out a disconcerting issue with a cardholder data breach: Any incident investigation initiated by the card brands under the PCI standards is going to focus on PCI compliance and not on whether or not the breach actually occurred...

Comments  (0)

Security Tips When Providing Free Wi-Fi at Your Business

March 08, 2012 Added by: Robert Siciliano

Wi-Fi is great for bringing in customers and as a promotional tool that creates customer loyalty. Merchants such as hotels, coffee shops, burger joints and anyplace with a store front, chairs and tables is offering free Wi-Fi. But what about all the Wi-Fi security threats?

Comments  (0)

Data Classification and Controls Policy for PCI DSS

March 01, 2012 Added by: Danny Lieberman

The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...

Comments  (0)

Why The Push For EMV Adoption In The United States?

February 20, 2012 Added by: PCI Guru

What is Visa USA trying to prove with this push of EMV? Apparently only Visa USA can tell us because, for the rest of us, there are no business cases we can construct to justify the switch to EMV. Obviously, Visa USA knows something that the rest of us do not. Or do they?

Comments  (2)

Data Privacy: Oxymoron, Wishful Thinking, or Strategic Goal?

February 03, 2012 Added by: Brian Dean

Consumers are desensitized to breaches, as evidenced by the meager rate of consumers applying for free credit monitoring services after a company breach. If you analyze the data that was breached, sometimes you have to ask, “Why are they even collecting all of that data?”

Comments  (0)
