PCI Compliance

Case study: Malware checkout

The hospitality industry remains one of the most targeted by cyber criminals. That's why Thayer Lodging Group, which owns or operates 18 hotels, knew it was time to get serious about endpoint security.

PCI releases help for retailers using mobile to take sales

The body that manages debit and credit card security standards on Wednesday released best practices for retailers wishing to accept payments via mobile devices.

Visa expels Global Payments following 1.5M-card breach

Global Payments, a major credit card processor based in Atlanta, is off Visa's approved list after it confirmed a breach of some 1.5 million card numbers. The incident, however, is still shrouded in some mystery.

Standards body to certify PCI end-user experts

The PCI Security Standards Council is planning to soon launch a program where one can certify their expertise in preparing their organizations for PCI assessments.

MasterCard announces product future around EMV

The EMV standard, widely considered an effective way to curb counterfeit card fraud because it requires a microchip to be embedded in a credit or debit card or on a mobile device, is gradually picking up steam in the U.S.

Visa advises on more secure credit card transactions

Visa has issued best practices that detail how retailers, card issuers and processors can upgrade their credit card transaction technology to a chip-based model, so as to avoid burdensome complexity, cost and time to market.

Secret Service charges Romanian man with ATM fraud

A Romanian citizen, with an expired U.S. visa, has been arrested on charges of serving as the "installer" of skimming devices on some 40 ATMs in the New York City area.

Taking stock of PCI five years on

PCI rules have evolved to keep up with new technologies, and adoption rates are growing, says Visa's Eduardo Perez.

PCI Council beefs up wireless guidance

The PCI Security Standards Council, charged with managing payment security guidelines, on Friday issued updated guidance around protecting wireless technology in cardholder environments. The update offers expanded advice on securing Bluetooth, and provides methods for testing and detecting rogue wireless access points, which are unauthorized Wi-Fi entryways typically set up by attackers to sniff network traffic. The council first released procedures to secure wireless in 2009.

PCI Council releases tokenization guidance

Tokenization solutions can simplify the requirements of PCI DSS by taking systems that no longer contain sensitive credit card numbers out of scope, according to a new guidance document from the PCI Council.

PCI Council revokes company's QSA status

The PCI Security Standards Council last week revoked CSO's Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) status.

No silver bullet for PCI compliance

All around the world, organizations are moving toward the adoption of updated PCI standards so that they can begin 2012 with assessments against the newest iterations.

An independent approach to PCI audit security and compliance

The PCI Data Security Standard assessment process must change, or the payment industry faces an ethical bind.

Views regarding PCI compliance are mostly positive

A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.

Free webcast today on PCI compliance

SC Magazine is presenting a free webcast today at 2 p.m. EST, focused on achieving PCI compliance.

PCI Council releases guidance on emerging technologies

The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Tuesday issued two new guidance documents assessing the impact of emerging data security technologies on payment card security. One paper focuses on point-to-point encryption (P2PE), also commonly known as end-to-end encryption, an emerging technology used to mask cardholder data from point-of-swipe through processing. Properly implemented, P2PE will allow merchants to reduce their scope in complying with the PCI DSS, according to the document. A separate guidance document is focused on EMV, a global standard for authenticating credit and debit card payments. EMV and PCI DSS should complement each other and not be seen as competing standards, according to the PCI Council. — AM

PCI DSS for small merchants

All merchants need to comply with all PCI DSS requirements, regardless of compliance validation mechanisms, says Mathieu Gorge, CEO and founder of VigiTrust.

Developments to the PCI standard: Interview with Jeremy King, European head of the PCI Security Standards Council

SC Magazine's Angela Moscaritolo recently traveled to Orlando, Fla. to the PCI Security Standard Council's annual North American Community Meeting to learn about the latest changes to the payment security standard and what merchants can expect in the form of additional guidance to reduce their compliance scope. During her trip, she sat down with Jeremy King, who heads the PCI Council's European operations, to discuss the developments.

Is the United States the weakest link when it comes to credit card security?

Nations abroad may be forging ahead of the United States in terms of offering consumers enhanced cardholder protection, but the decision to move toward technology such as chip-and-PIN is not always cut and dried.

PCI Council: P2PE simplifies PCI DSS compliance

The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.

HP to buy ArcSight for $1.5 billion

Another IT security company was gobbled up by an IT bellwether when HP on Monday announced plans to acquire Cupertino, Calif.-based SIEM provider ArcSight for $1.5 billion.

New PCI internal assessor training program

The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Friday announced a new training program designed to educate internal security personnel on conducting assessments. The three-day course, to be led by PCI Council experts, will either enable security departments to better work with third-party assessors or allow them to conduct their own assessments, Bob Russo, the council's general manager, told SCMagazineUS.com. Merchants that process more than six million annual transactions are required to conduct annual on-site PCI DSS assessments. Classes will be held in multiple locations. For more information, including pricing, visit here. — DK

Law to allow banks to recoup breach losses

A new Washington state law set to go into effect July 1 will allow banks to recoup certain data breach losses from negligent businesses. Under the new law, passed by the state Legislature in late March, financial institutions can seek reimbursement from large retailers and credit card processors that have suffered a data breach — if they failed to comply with the Payment Card Industry Data Security Standard (PCI DSS). The new law is similar to a Minnesota statute passed in 2007. — AM

Is increased government regulation the answer to increased privacy protection?

Data breaches involving privacy information continue to increase despite the costs, embarrassment and negative publicity associated with them.

Bruce Rutherford named chair, PCI Security Standards Council

Bruce Rutherford of MasterCard was named chairperson today of the PCI Security Standards Council, an organization that drives education and awareness of the PCI Data Security Standard and other best practices to increase payment data security. In the position, Rutherford, who is group head, fraud management solutions, payment system integrity at MasterCard, is charged with increasing adoption of the PCI standards and refining the next version. - GM

Trustwave, Symantec make acquisitions

Compliance management vendor Trustwave announced on Tuesday the acquisition of data encryption vendor BitArmor. Trustwave plans to integrate BitArmor's file- and full-disk encryption technology into its current data leakage prevention and endpoint security solution to help clients comply with regulations that are increasing the demand for encryption. Meanwhile, Symantec on Tuesday announced plans to buy Gideon Technologies, provider of IT risk automation, to better serve public-sector customers. Terms of both deals were not disclosed. — AM

Lawsuit against BJ's over 2004 breach dismissed

The Massachusetts Supreme Judicial Court last week affirmed a lower court ruling dismissing a case against BJ's Wholesale Club over a 2004 breach.

Recognizing the payment industry achievements of 2009 and looking ahead

The chairman of the PCI Security Standards Council shares his thoughts on the payment industry's 2009 successes and looks forward to what is on the horizon to ensure the protection of credit card information.

Breached restaurateurs suing point-of-sale provider

The restaurants, located in Louisiana and Mississippi, are seeking millions of dollars in damages from Georgia-based point-of-sale vendor Radiant Systems and its distributor Computer World.
