Items Tagged with "PCI DSS"



Analysis of the Verizon PCI Report

October 27, 2010 Added by: Anton Chuvakin

Regular testing and monitoring may be the most crucial but underrated and least appreciated aspects of security. If a merchant has to work at it throughout the year, as opposed to simply buy or check the box, compliance rates lag...

Comments  (0)


On Scope Shrinkage in PCI DSS

October 20, 2010 Added by: Anton Chuvakin

People who came to PCI DSS assessments and related services from doing pure information security often view PCI scope reduction as a cheap trick aimed at making PCI DSS compliance undeservedly easier. However, PCI DSS scope shrink is not just a cop out aimed at not protecting the data...

Comments  (8)


The 2010 PCI Community Meeting

October 18, 2010 Added by: PCI Guru

I want to get the PCI SSC to repeal their inane Report On Compliance report writing standard. This standard has become onerous and, in the end, has become make do work. To understand this situation, you need a bit of history...

Comments  (0)


Writing A Compensating Control

October 14, 2010 Added by: PCI Guru

You really need to document valid business reasons as to why a compensating control is needed. The fact that your organization does not have the backbone to implement PCI DSS requirements is not a valid reason. That just does not cut it...

Comments  (8)


Proactive Security versus Reactive Compliance

October 11, 2010 Added by: Robb Reck

The nature of your industry, company and the technologies you utilize will determine the nature of the attacks against you. You cannot depend on a framework or regulatory agency to know what threats are most dangerous to your company. Self awareness and active monitoring are needed...

Comments  (3)


The Chip And PIN Debate – Part 1

September 08, 2010 Added by: PCI Guru

When a banker looks at the fraud losses, they see two numbers; the monetary loss and the percentage. At 4.7 percent, fraud losses are considered manageable and can be compensated for by fees. That may be a cold way of looking at things, but that is how business is done...

Comments  (0)


PCI DSS from a Linux SysAdmin's Perspective

September 08, 2010 Added by: Jamie Adams

A cursory glance at the PCI DSS might lead one to believe that the majority of work required to comply with the standard belongs to network, database, application administrators and software developers. There is always a great deal of work required anytime an application is deployed...

Comments  (3)


Advice for Merchants on PCI DSS

August 31, 2010 Added by: PCI Guru

There are ways to minimize your organization’s PCI compliance efforts by just getting rid of the data in the first place. Stop putting forth efforts to comply and get with the movement to get rid of the cardholder data in the first place...

Comments  (1)


PCI Security Standards Council on PCI DSS 2.0

August 26, 2010 Added by: Anton Chuvakin

Everybody knows that PCI DSS 2.0 is coming. The PCI Security Standards Council released a summary of changes for version 2.0 in PDF to be released in October 2010. The council folks have kindly granted this brief interview...

Comments  (0)


Why The PCI Data Security Standards Exist

August 23, 2010 Added by: PCI Guru

It has been suggested that the PCI standards were only developed to minimize the losses to the card brands and banks and do nothing for merchants. However, the PCI standards were meant to protect everyone in the transaction process...

Comments  (0)


Are Contactless Payment Methods Secure?

August 20, 2010 Added by: Robert Siciliano

Hackers, whether they’re black hat (bad guys) or white hat (security professionals), are always looking for vulnerabilities in technology. The bad guys’ intentions are to exploit these vulnerabilities for ill-gotten gain, and the security professionals’ are to make the technology more secure...

Comments  (4)


PCI Feels Like Something is Being Done to Me

August 09, 2010 Added by: PCI Guru

In a lot of these organizations, security has been given the short shrift and has been perpetually on the back burner. In these organizations, senior management sees security, and IT as a whole, as a money pit that does nothing for the organization...

Comments  (1)


PCI DSS and Code Reviews

August 02, 2010 Added by: PCI Guru

Requirement 6.6 of the PCI DSS discusses the concept of code reviews or the implementation of an application firewall to protect Internet facing applications...

Comments  (4)


Electronic Payment Fraud, Security and Risk Mitigation

July 28, 2010 Added by: Anthony M. Freed

The biggest risk is systematic. Criminals and hackers have multiple points to penetrate a system, so it's important for those responsible for online payment security to think of the possible risks from end-to-end...

Comments  (1)


Credit Card Connoisseur

July 08, 2010 Added by: Ron Baklarz

This authentication mechanism could be compromised and moreover, I would very much like to see the security scheme around the kiosk's ability to protect the PII associated with the driver's license as well as the PCI-DSS protections since the machines will accept credit and debit cards...

Comments  (1)


Credit Card Data Breaches Cost Big Bucks

July 08, 2010 Added by: Robert Siciliano

Javelin’s survey shows that 26%, or one out of four U.S. consumers received a data breach notification last year from a company or agency holding their personal data, including credit and debit card or checking account information...

Comments  (0)
