PCI DSS

PCI releases help for retailers using mobile to take sales

The body that manages debit and credit card security standards on Wednesday released best practices for retailers wishing to accept payments via mobile devices.

Global Payments working to again validate its PCI compliance

For the first time, breached processor Global Payments disclosed on Tuesday that a number of card brands have removed the company from their approved list of service providers.

Can't we just ignore PCI DSS?

Adopting PCI DSS is a sensible thing to do from a security perspective, says New Net Technologies' Mark Kedgley.

Visa expels Global Payments following 1.5M-card breach

Global Payments, a major credit card processor based in Atlanta, is off Visa's approved list after it confirmed a breach of some 1.5 million card numbers. The incident, however, is still shrouded in some mystery.

Standards body to certify PCI end-user experts

The PCI Security Standards Council is planning to soon launch a program where one can certify their expertise in preparing their organizations for PCI assessments.

PCI Council beefs up wireless guidance

The PCI Security Standards Council, charged with managing payment security guidelines, on Friday issued updated guidance around protecting wireless technology in cardholder environments. The update offers expanded advice on securing Bluetooth, and provides methods for testing and detecting rogue wireless access points, which are unauthorized Wi-Fi entryways typically set up by attackers to sniff network traffic. The council first released procedures to secure wireless in 2009.

PCI Council releases tokenization guidance

Tokenization solutions can simplify the requirements of PCI DSS by taking systems that no longer contain sensitive credit card numbers out of scope, according to a new guidance document from the PCI Council.

PCI Council revokes company's QSA status

The PCI Security Standards Council last week revoked CSO's Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) status.

Something borrowed: Benefits of PCI

The prescriptive nature of the Payment Card Industry Data Security Standard, often referred to as PCI, can benefit even those companies not processing credit card transactions.

In search of a global network security standard

A government-adopted and enforced global benchmark for network security may lend value, and borrowing from the PCI DSS playbook could help in its creation.

Virtualization guidelines issued to supplement PCI DSS 2.0

The PCI Security Standards Council on Tuesday released "PCI DSS Virtualization Guidelines" to update credit card payment security to the age of cloud computing.

No silver bullet for PCI compliance

All around the world, organizations are moving toward the adoption of updated PCI standards so that they can begin 2012 with assessments against the newest iterations.

Boston restaurant group settles dispute after breach

The Massachusetts attorney general's office has settled with a Boston restaurant group whose computer systems were compromised by hackers to steal some 125,000 customer credit card numbers.

Views regarding PCI compliance are mostly positive

A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.

PCI Council releases guidance on emerging technologies

The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Tuesday issued two new guidance documents assessing the impact of emerging data security technologies on payment card security. One paper focuses on point-to-point encryption (P2PE), also commonly known as end-to-end encryption, an emerging technology used to mask cardholder data from point-of-swipe through processing. Properly implemented, P2PE will allow merchants to reduce their scope in complying with the PCI DSS, according to the document. A separate guidance document is focused on EMV, a global standard for authenticating credit and debit card payments. EMV and PCI DSS should complement each other and not be seen as competing standards, according to the PCI Council. — AM

PCI DSS for small merchants

All merchants need to comply with all PCI DSS requirements, regardless of compliance validation mechanisms, says Mathieu Gorge, CEO and founder of VigiTrust.

Developments to the PCI standard: Interview with Jeremy King, European head of the PCI Security Standards Council

SC Magazine's Angela Moscaritolo recently traveled to Orlando, Fla., for the PCI Security Standards Council's annual North American Community Meeting to learn about the latest changes to the payment security standard and what merchants can expect in the form of additional guidance to reduce their compliance scope. During her trip, she sat down with Jeremy King, who heads the PCI Council's European operations, to discuss the developments.

Is the United States the weakest link when it comes to credit card security?

Nations abroad may be forging ahead of the United States in terms of offering consumers enhanced cardholder protection, but the decision to move toward technology such as chip-and-PIN is not always cut and dried.

PCI Council: P2PE simplifies PCI DSS compliance

The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.

HP to buy ArcSight for $1.5 billion

Another IT security company was gobbled up by an IT bellwether when HP on Monday announced plans to acquire Cupertino, Calif.-based SIEM provider ArcSight for $1.5 billion.

Is there a silver bullet to the payment industry's data security woes?

Security professionals must consider all the options available to them to secure cardholder data.

PCI Council unveils expected changes for DSS guidelines

The body that manages PCI guidelines has released a summary of expected changes, but merchants will not find any mention of emerging data security technologies.

Dealing with compliance: Interview with Michael Thelander, product marketing manager at Tripwire

SC Magazine Deputy Editor Dan Kaplan sits down with Tripwire's Michael Thelander to learn whether compliance remains a driver for organizations, especially as new regulations pop up and existing mandates become more stringent. Thelander also touches on compliance in the cloud, and whether it can be achieved.

How you are changing the PCI standards in 2010

Businesses that accept payment cards understand they need to make safeguarding customer data a top priority, says Bruce Rutherford, chairman, PCI Security Standards Council.
