Blog Posts Tagged with "Payment Processors"
August 09, 2012 Added by:PCI Guru
The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...
June 13, 2012 Added by:Headlines
"The Company's ongoing investigation recently revealed potential unauthorized access to servers containing personal information collected from a subset of merchant applicants. It is unclear whether the intruders looked at or took any personal information... however, the Company will notify potentially-affected individuals..."
May 11, 2012 Added by:PCI Guru
The PCI SSC only requires its assessors document the services they provide in their assessment reports. While that offers a certain amount of transparency, when you read some of these ROCs, it becomes painfully obvious that some QSACs are assessing their own security services...
May 02, 2012 Added by:david barton
Credit card processors have valuable information that bad guys would love to get their hands on. So processors are the Fort Knox of the modern world. When bad guys are motivated, no amount of security can keep them out. Does that mean PCI-DSS standards are worthless?
April 04, 2012 Added by:PCI Guru
Most financial institutions purchase their software applications from third party development firms. With all of the regulatory changes going on in the financial institution industry, these software firms have been focused on those regulatory changes and not PCI compliance...
April 03, 2012 Added by:Pierluigi Paganini
Global Payments' announced that Track 2 data was stolen, which is used by the bank. Track 1 data generally refers to the information reported on the front of a bank card. So if this information was stolen along with that contained in Track 2, it is possible to clone a card...
March 30, 2012 Added by:Headlines
"Visa Inc. is aware of a potential data compromise incident at a third party entity... Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards..."
March 19, 2012 Added by:Headlines
"The market-wide exercise showed that the banking community is prepared to handle some aspects of a cyber attack, but must shore up other areas. I encourage all managers to think about whether they are have adequate, practical plans in place..."
December 08, 2011 Added by:PCI Guru
A number of clients recently prompted me on my take regarding Redirects and Reposts as they attempt to shrink their PCI compliance footprint as small as possible. A lot of them like the idea of the repost because it requires only a simple change to their existing e-Commerce sites...
November 21, 2011 Added by:Mark Baldwin
Just about every adult website has an affiliate program and it is not uncommon for scammers to look for ways to take advantage of these programs. I was recently informed by a large payment gateway operator of a scam that is currently in operation. Here is how it works...
Mass Disclosure of Vulnerabilities in SAP... john niko on 12-09-2013
Join Trend Micro & SecurityWeek in Belle... Shah Alam on 12-06-2013
Looking Beyond "Black Box Testing"... Paul Reed on 12-03-2013