Blog Posts Tagged with "PCI DSS"
Proactive Security versus Reactive Compliance
October 11, 2010 Added by:Robb Reck
The nature of your industry, company and the technologies you utilize will determine the nature of the attacks against you. You cannot depend on a framework or regulatory agency to know what threats are most dangerous to your company. Self-awareness and active monitoring are needed...
Comments (3)
The Chip And PIN Debate – Part 1
September 08, 2010 Added by:PCI Guru
When a banker looks at the fraud losses, they see two numbers; the monetary loss and the percentage. At 4.7 percent, fraud losses are considered manageable and can be compensated for by fees. That may be a cold way of looking at things, but that is how business is done...
Comments (0)
PCI DSS from a Linux SysAdmin's Perspective
September 08, 2010 Added by:Jamie Adams
A cursory glance at the PCI DSS might lead one to believe that the majority of work required to comply with the standard belongs to network, database, application administrators and software developers. There is always a great deal of work required anytime an application is deployed...
Comments (3)
Advice for Merchants on PCI DSS
August 31, 2010 Added by:PCI Guru
There are ways to minimize your organization’s PCI compliance efforts by just getting rid of the data in the first place. Stop putting forth efforts to comply and get with the movement to get rid of the cardholder data in the first place...
Comments (1)
PCI Security Standards Council on PCI DSS 2.0
August 26, 2010 Added by:Anton Chuvakin
Everybody knows that PCI DSS 2.0 is coming. The PCI Security Standards Council released a summary of changes for version 2.0 in PDF to be released in October 2010. The council folks have kindly granted this brief interview...
Comments (0)
Why The PCI Data Security Standards Exist
August 23, 2010 Added by:PCI Guru
It has been suggested that the PCI standards were only developed to minimize the losses to the card brands and banks and do nothing for merchants. However, the PCI standards were meant to protect everyone in the transaction process...
Comments (0)
Are Contactless Payment Methods Secure?
August 20, 2010 Added by:Robert Siciliano
Hackers, whether they’re black hat (bad guys) or white hat (security professionals), are always looking for vulnerabilities in technology. The bad guys’ intentions are to exploit these vulnerabilities for ill-gotten gain, and the security professionals’ are to make the technology more secure...
Comments (4)
PCI Feels Like Something is Being Done to Me
August 09, 2010 Added by:PCI Guru
In a lot of these organizations, security has been given the short shrift and has been perpetually on the back burner. In these organizations, senior management sees security, and IT as a whole, as a money pit that does nothing for the organization...
Comments (1)
PCI DSS and Code Reviews
August 02, 2010 Added by:PCI Guru
Requirement 6.6 of the PCI DSS discusses the concept of code reviews or the implementation of an application firewall to protect Internet facing applications...
Comments (4)
Electronic Payment Fraud, Security and Risk Mitigation
July 28, 2010 Added by:Anthony M. Freed
The biggest risk is systematic. Criminals and hackers have multiple points to penetrate a system, so it's important for those responsible for online payment security to think of the possible risks from end-to-end...
Comments (1)
Credit Card Connoisseur
July 08, 2010 Added by:Ron Baklarz
This authentication mechanism could be compromised and moreover, I would very much like to see the security scheme around the kiosk's ability to protect the PII associated with the driver's license as well as the PCI-DSS protections since the machines will accept credit and debit cards...
Comments (1)
Credit Card Data Breaches Cost Big Bucks
July 08, 2010 Added by:Robert Siciliano
Javelin’s survey shows that 26%, or one out of four U.S. consumers received a data breach notification last year from a company or agency holding their personal data, including credit and debit card or checking account information...
Comments (0)
A PCI DSS Overview
April 16, 2010 Added by:Mike Meikle
As a consultant, you get to view the grim expanse of industry regulation more than most. Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA) and of course the topic of this article, Payment Card Industry Data Security Standard (PCI DSS).
Comments (0)
Mitigating Risks by Leveraging a Core Business Process
October 20, 2009 Added by:Mike Cuppett
When it comes to audits and other compliance requirements - think Sarbanes-Oxley, PCI-DSS, internal and external audits, etc. - people tend to get a bit uptight and flustered. Fortunately, by keeping a calm head and a rational perspective, your reaction to these challenges can be cool and calm, allowing you to leverage a methodology you already know - risk mitigation.
Comments (0)
Heartland Regains PCI Compliant Status
May 03, 2009 Added by:Anthony M. Freed
Heartland’s removal from the list of compliant payment processors had followed revelations that the company had suffered what may have been the largest data breach of payment card information to date, although details of the incident have not been made available due to ongoing investigations...
Comments (0)
Payment Card Industry Swallows Its Own Tail
April 01, 2009 Added by:Anthony M. Freed
The greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal hackers, but instead the dysfunctional nature of the relationships between the very parties the standards are meant to serve...
Comments (0)