PCI DSS News, Articles and Updates
The body that manages debit and credit card security standards on Wednesday released best practices for retailers wishing to accept payments via mobile devices.
For the first time, breached processor Global Payments disclosed on Tuesday that a number of card brands have removed the company from their approved list of service providers.
Adopting PCI DSS is a sensible thing to do from a security perspective, says New Net Technologies' Mark Kedgley.
Global Payments, a major credit card processor based in Atlanta, is off Visa's approved list after it confirmed it was breached of some 1.5 million card numbers. The incident, however, is still shrouded in some mystery.
The PCI Security Standards Council is planning to soon launch a program where one can certify their expertise in preparing their organizations for PCI assessments.
The PCI Security Standards Council, charged with managing payment security guidelines, on Friday issued updated guidance around protecting wireless technology in cardholder environments. The update offers expanded advice on securing Bluetooth, and provides methods for testing and detecting rogue wireless access points, which are unauthorized Wi-Fi entryways typically set up by attackers to sniff network traffic. The council first released procedures to secure wireless in 2009.
Tokenization solutions can simplify the requirements of PCI DSS by taking systems that no longer contain sensitive credit card numbers out of scope, according to a new guidance document from the PCI Council.
The PCI Security Standards Council last week revoked CSO's Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) status.
The prescriptive nature of the Payment Card Industry Data Security Standard, often referred to as PCI, can benefit even those companies not processing credit card transactions.
A government-adopted and enforced global benchmark for network security may lend value, and borrowing from the PCI DSS playbook could help in its creation.
The PCI Security Standards Council on Tuesday released "PCI DSS Virtualization Guidelines" to update credit card payment security to the age of cloud computing.
All around the world, organizations are moving toward the adoption of updated PCI standards so that they can begin 2012 with assessments against the newest iterations.
The Massachusetts attorney general's office has settled with a Boston restaurant group whose computer systems were compromised by hackers to steal some 125,000 customer credit card numbers.
A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.
The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Tuesday issued two new guidance documents assessing the impact of emerging data security technologies on payment card security. One paper focuses on point-to-point encryption (P2PE), also commonly known as end-to-end encryption, an emerging technology used to mask cardholder data from point-of-swipe through processing. Properly implemented, P2PE will allow merchants to reduce their scope in complying with the PCI DSS, according to the document. A separate guidance document is focused on EMV, a global standard for authenticating credit and debit card payments. EMV and PCI DSS should complement each other and not be seen as competing standards, according to the PCI Council. — AM
All merchants need to comply with all PCI DSS requirements, regardless of compliance validation mechanisms, says Mathieu Gorge, CEO and founder of VigiTrust.
Developments to the PCI standard: Interview with Jeremy King, European head of the PCI Security Standards CouncilSeptember 29, 2010
SC Magazine's Angela Moscaritolo recently traveled to Orlando, Fla. to the PCI Security Standard Council's annual North American Community Meeting to learn about the latest changes to the payment security standard and what merchants can expect in the form of additional guidance to reduce their compliance scope. During her trip, she sat down with Jeremy King, who heads the PCI Council's European operations, to discuss the developments.
Nations abroad may be forging ahead of the United States in terms of offering consumers enhanced cardholder protection, but the decision to move toward technology such as chip-and-PIN is not always cut and dry.
The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.
Another IT security company was gobbled up by an IT bellwether when HP on Monday announced plans to acquire Cupertino, Calif.-based SIEM provider ArcSight for $1.5 billion.
Security professionals must consider all the options available to them to secure cardholder data.
The body that manages PCI guidelines has released a summary of expected changes, but merchants will not find any mention of emerging data security technologies.
SC Magazine Deputy Editor Dan Kaplan sits down with Tripwire's Michael Thelander to learn whether compliance remains a driver for organizations, especially as new regulations pop up and existing mandates become more stringent. Thelander also touches on compliance in the cloud, and whether it can be achieved.
Businesses that accept payment cards understand they need to make safeguarding customer data a top priority, says Bruce Rutherford, chairman, PCI Security Standards Council.
SC Magazine Articles
- GCHQ infosec group disclosed kernel privilege exploit to Apple
- Adobe Flash remains threat as users fail to update, researchers
- Update: 117 million LinkedIn email credentials found for sale on the dark web
- 2.5K Twitter accounts hacked to spread links to adult content
- Russian bank app changes password when users attempt removal
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- Spearphishing attack nets $495K from investment firm
- Updated: Gmail, Yahoo email credentials among millions found on the dark web
- Organizations need formal vendor risk management programs, study
- PCI DSS version 3.2 release extends multifactor authentication requirement
- Workplace security awareness programs lacking in efficacy, says study
- ACLU seeks to join Microsoft in demanding gov't notify customers of email, cloud storage searches
- Latest Flash Exploit being used to create drive-by ransomware attack
- Russian bank app changes password when users attempt removal
- Credit card skimmers detected in Walmart stores