The body that manages debit and credit card security standards on Wednesday released best practices for retailers wishing to accept payments via mobile devices.
For the first time, breached processor Global Payments disclosed on Tuesday that a number of card brands have removed the company from their approved list of service providers.
Adopting PCI DSS is a sensible thing to do from a security perspective, says New Net Technologies' Mark Kedgley.
Global Payments, a major credit card processor based in Atlanta, is off Visa's approved list after it confirmed it was breached of some 1.5 million card numbers. The incident, however, is still shrouded in some mystery.
The PCI Security Standards Council is planning to soon launch a program where one can certify their expertise in preparing their organizations for PCI assessments.
The PCI Security Standards Council, charged with managing payment security guidelines, on Friday issued updated guidance around protecting wireless technology in cardholder environments. The update offers expanded advice on securing Bluetooth, and provides methods for testing and detecting rogue wireless access points, which are unauthorized Wi-Fi entryways typically set up by attackers to sniff network traffic. The council first released procedures to secure wireless in 2009.
Tokenization solutions can simplify the requirements of PCI DSS by taking systems that no longer contain sensitive credit card numbers out of scope, according to a new guidance document from the PCI Council.
The PCI Security Standards Council last week revoked CSO's Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) status.
The prescriptive nature of the Payment Card Industry Data Security Standard, often referred to as PCI, can benefit even those companies not processing credit card transactions.
A government-adopted and enforced global benchmark for network security may lend value, and borrowing from the PCI DSS playbook could help in its creation.
The PCI Security Standards Council on Tuesday released "PCI DSS Virtualization Guidelines" to update credit card payment security to the age of cloud computing.
All around the world, organizations are moving toward the adoption of updated PCI standards so that they can begin 2012 with assessments against the newest iterations.
The Massachusetts attorney general's office has settled with a Boston restaurant group whose computer systems were compromised by hackers to steal some 125,000 customer credit card numbers.
A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.
The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Tuesday issued two new guidance documents assessing the impact of emerging data security technologies on payment card security. One paper focuses on point-to-point encryption (P2PE), also commonly known as end-to-end encryption, an emerging technology used to mask cardholder data from point-of-swipe through processing. Properly implemented, P2PE will allow merchants to reduce their scope in complying with the PCI DSS, according to the document. A separate guidance document is focused on EMV, a global standard for authenticating credit and debit card payments. EMV and PCI DSS should complement each other and not be seen as competing standards, according to the PCI Council. — AM
All merchants need to comply with all PCI DSS requirements, regardless of compliance validation mechanisms, says Mathieu Gorge, CEO and founder of VigiTrust.
Developments to the PCI standard: Interview with Jeremy King, European head of the PCI Security Standards CouncilSeptember 29, 2010
SC Magazine's Angela Moscaritolo recently traveled to Orlando, Fla. to the PCI Security Standard Council's annual North American Community Meeting to learn about the latest changes to the payment security standard and what merchants can expect in the form of additional guidance to reduce their compliance scope. During her trip, she sat down with Jeremy King, who heads the PCI Council's European operations, to discuss the developments.
Nations abroad may be forging ahead of the United States in terms of offering consumers enhanced cardholder protection, but the decision to move toward technology such as chip-and-PIN is not always cut and dry.
The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.
Another IT security company was gobbled up by an IT bellwether when HP on Monday announced plans to acquire Cupertino, Calif.-based SIEM provider ArcSight for $1.5 billion.
Security professionals must consider all the options available to them to secure cardholder data.
The body that manages PCI guidelines has released a summary of expected changes, but merchants will not find any mention of emerging data security technologies.
SC Magazine Deputy Editor Dan Kaplan sits down with Tripwire's Michael Thelander to learn whether compliance remains a driver for organizations, especially as new regulations pop up and existing mandates become more stringent. Thelander also touches on compliance in the cloud, and whether it can be achieved.
Businesses that accept payment cards understand they need to make safeguarding customer data a top priority, says Bruce Rutherford, chairman, PCI Security Standards Council.
Sign up to our newsletters
SC Magazine Articles
- Samsung devices, including Galaxy S6, vulnerable to remote code execution
- Dridex banking malware spreading through new spam campaign
- More than 440K new Android malware strains found in Q1, study finds
- U.S., China agree to cybersecurity code of conduct
- Suspicious activity on LastPass network, data compromised
- FireKeepers confirms breach, says about 85,000 cards and other info are at risk
- Plex video sharing customers left at risk after hack attack
- Former Georgia-Pacific sysadmin charged with damaging protected computers
- Harvard University announces network intrusion, possible data exposure
- Saboteurs leverage RIPv1 for DDoS reflection attacks