PCI Compliance News, Articles and Updates
The hospitality industry remains one of the most targeted by cyber criminals. That's why Thayer Lodging Group, which owns or operates 18 hotels, knew it was time to get serious about endpoint security.
The body that manages debit and credit card security standards on Wednesday released best practices for retailers wishing to accept payments via mobile devices.
Global Payments, a major credit card processor based in Atlanta, is off Visa's approved list after it confirmed a breach of some 1.5 million card numbers. The incident, however, is still shrouded in some mystery.
The PCI Security Standards Council plans to soon launch a program through which individuals can certify their expertise in preparing their organizations for PCI assessments.
The EMV standard, widely considered an effective way to curb counterfeit card fraud because it requires a microchip to be embedded in a credit or debit card or on a mobile device, is gradually picking up steam in the U.S.
Visa has issued best practices that detail how retailers, card issuers and processors can upgrade their credit card transaction technology to a chip-based model, so as to avoid burdensome complexity, cost and time to market.
A Romanian citizen, with an expired U.S. visa, has been arrested on charges of serving as the "installer" of skimming devices on some 40 ATMs in the New York City area.
PCI rules have evolved to keep up with new technologies, and adoption rates are growing, says Visa's Eduardo Perez.
The PCI Security Standards Council, charged with managing payment security guidelines, on Friday issued updated guidance around protecting wireless technology in cardholder environments. The update offers expanded advice on securing Bluetooth, and provides methods for testing and detecting rogue wireless access points, which are unauthorized Wi-Fi entryways typically set up by attackers to sniff network traffic. The council first released procedures to secure wireless in 2009.
Tokenization solutions can simplify the requirements of PCI DSS by taking systems that no longer contain sensitive credit card numbers out of scope, according to a new guidance document from the PCI Council.
The PCI Security Standards Council last week revoked CSO's Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) status.
All around the world, organizations are moving toward the adoption of updated PCI standards so that they can begin 2012 with assessments against the newest iterations.
The PCI Data Security Standard assessment process must change, or the payment industry faces an ethical bind.
A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.
SC Magazine is presenting a free webcast today at 2 p.m. EST, focused on achieving PCI compliance.
The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Tuesday issued two new guidance documents assessing the impact of emerging data security technologies on payment card security. One paper focuses on point-to-point encryption (P2PE), also commonly known as end-to-end encryption, an emerging technology used to mask cardholder data from point-of-swipe through processing. Properly implemented, P2PE will allow merchants to reduce their scope in complying with the PCI DSS, according to the document. A separate guidance document is focused on EMV, a global standard for authenticating credit and debit card payments. EMV and PCI DSS should complement each other and not be seen as competing standards, according to the PCI Council. — AM
All merchants need to comply with all PCI DSS requirements, regardless of compliance validation mechanisms, says Mathieu Gorge, CEO and founder of VigiTrust.
Developments to the PCI standard: Interview with Jeremy King, European head of the PCI Security Standards Council
September 29, 2010
SC Magazine's Angela Moscaritolo recently traveled to Orlando, Fla., to the PCI Security Standards Council's annual North American Community Meeting to learn about the latest changes to the payment security standard and what merchants can expect in the form of additional guidance to reduce their compliance scope. During her trip, she sat down with Jeremy King, who heads the PCI Council's European operations, to discuss the developments.
Nations abroad may be forging ahead of the United States in terms of offering consumers enhanced cardholder protection, but the decision to move toward technology such as chip-and-PIN is not always cut and dried.
The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.
Another IT security company was gobbled up by an IT bellwether when HP on Monday announced plans to acquire Cupertino, Calif.-based SIEM provider ArcSight for $1.5 billion.
The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Friday announced a new training program designed to educate internal security personnel on conducting assessments. The three-day course, to be led by PCI Council experts, either will enable security departments to better work with third-party assessors or allow them to conduct their own assessments, Bob Russo, the council's general manager, told SCMagazineUS.com. Merchants that process more than six million annual transactions are required to conduct annual on-site PCI DSS assessments. Classes will be held in multiple locations. For more information, including pricing, visit here. — DK
A new Washington state law set to go into effect July 1 will allow banks to recoup certain data breach losses from negligent businesses. Under the new law, passed by the state Legislature in late March, financial institutions can seek reimbursement from large retailers and credit card processors that have suffered a data breach — if they failed to comply with the Payment Card Industry Data Security Standard (PCI DSS). The new law is similar to a Minnesota statute passed in 2007. — AM
Data breaches involving privacy information continue to increase despite the costs, embarrassment and negative publicity associated with them.
Bruce Rutherford of MasterCard was named chairperson today of the PCI Security Standards Council, an organization that drives education and awareness of the PCI Data Security Standard and other best practices to increase payment data security. In the position, Rutherford, who is group head, fraud management solutions, payment system integrity at MasterCard, is charged with increasing adoption of the PCI standards and refining the next version. — GM
Compliance management vendor Trustwave announced on Tuesday the acquisition of data encryption vendor BitArmor. Trustwave plans to integrate BitArmor's file- and full-disk encryption technology into its current data leakage prevention and endpoint security solution to help clients comply with regulations that are increasing the demand for encryption. Meanwhile, Symantec on Tuesday announced plans to buy Gideon Technologies, provider of IT risk automation, to better serve public-sector customers. Terms of both deals were not disclosed. — AM
The Massachusetts Supreme Judicial Court last week affirmed a lower court ruling dismissing a case against BJ's Wholesale Club over a 2004 breach.
The chairman of the PCI Security Standards Council shares his thoughts on the payment industry's 2009 successes and looks forward to what is on the horizon to ensure the protection of credit card information.
The restaurants, located in Louisiana and Mississippi, are seeking millions of dollars in damages from Georgia-based point-of-sale vendor Radiant Systems and its distributor Computer World.