
 PCI

Global Payments working to again validate its PCI compliance

May 02, 2012

For the first time, breached processor Global Payments disclosed on Tuesday that a number of card brands have removed the company from their approved list of service providers.
 

MasterCard announces product future around EMV

February 07, 2012

The EMV standard, widely considered an effective way to curb counterfeit card fraud because it requires a microchip to be embedded in a credit or debit card or on a mobile device, is gradually picking up steam in the U.S.
 

Campus relief: Kilgore College and Viewfinity

January 20, 2012

A community college in Texas found a tool that enabled it to fend off viruses while coming into compliance, reports Greg Masters.
 

Visa advises on more secure credit card transactions

January 16, 2012

Visa has issued best practices that detail how retailers, card issuers and processors can upgrade their credit card transaction technology to a chip-based model, so as to avoid burdensome complexity, cost and time to market.
 

Secret Service charges Romanian man with ATM fraud

January 09, 2012

A Romanian citizen, with an expired U.S. visa, has been arrested on charges of serving as the "installer" of skimming devices on some 40 ATMs in the New York City area.
 

Hackers steal 200,000 card numbers from wholesaler

December 19, 2011

Hackers breached the systems of New York-based food services wholesaler Restaurant Depot, and stole hundreds of thousands of credit and debit card numbers.
 

PCI Council releases tokenization guidance

August 12, 2011

Tokenization solutions can simplify the requirements of PCI DSS by taking systems that no longer contain sensitive credit card numbers out of scope, according to a new guidance document from the PCI Council.
 

PCI Council revokes company's QSA status

August 09, 2011

The PCI Security Standards Council last week revoked CSO's Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) status.
 

Views regarding PCI compliance are mostly positive

January 12, 2011

A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.
 

PCI Council releases guidance on emerging technologies

October 05, 2010

The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Tuesday issued two new guidance documents assessing the impact of emerging data security technologies on payment card security. One paper focuses on point-to-point encryption (P2PE), also commonly known as end-to-end encryption, an emerging technology used to mask cardholder data from point-of-swipe through processing. Properly implemented, P2PE will allow merchants to reduce their scope in complying with the PCI DSS, according to the document. A separate guidance document is focused on EMV, a global standard for authenticating credit and debit card payments. EMV and PCI DSS should complement each other and not be seen as competing standards, according to the PCI Council. — AM
 

Is the United States the weakest link when it comes to credit card security?

Jose Diaz, director of technical and strategic business development at Thales e-Security September 29, 2010

Nations abroad may be forging ahead of the United States in terms of offering consumers enhanced cardholder protection, but the decision to move toward technology such as chip-and-PIN is not always cut and dried.
 

PCI Council: P2PE simplifies PCI DSS compliance

September 23, 2010

The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.
 

HP to buy ArcSight for $1.5 billion

September 13, 2010

Another IT security company was gobbled up by an IT bellwether when HP on Monday announced plans to acquire Cupertino, Calif.-based SIEM provider ArcSight for $1.5 billion.
 

Visa releases best practices for installing payment apps

August 24, 2010

Visa on Tuesday announced best practices for companies to use when implementing, installing and managing programs that process payment applications. The guidance will complement the existing Payment Application Data Security Standard (PA-DSS), which prescribes 14 requirements for software developers that build programs that process credit card payments. The Visa payment application best practices, developed in conjunction with the SANS Institute, include 10 guidelines and can be downloaded here. They are meant for vendors, integrators and resellers. — DK
 

Wal-Mart considers chip-and-PIN

May 21, 2010

Wal-Mart is reportedly about to institute smartcard-based payment at all its U.S.-based stores. A company spokesman revealed this week, according to reports, that payment terminals capable of recognizing chip-and-PIN technology could soon replace signature-based credit card transactions. The move by the world's largest retailer could force other merchants, card issuers and processors to migrate to chip-and-PIN technology, said experts. The system, which uses an embedded chip to verify the card is legitimate, is thought to be significantly safer than traditional magnetic stripe cards, but the cost of adopting the system, widely used in Europe and other countries, has delayed implementation. - GM
 

PCI Council releases new PIN security standard

May 13, 2010

The group responsible for managing payment security rules has released version 3.0 of the PIN Transaction Security (PTS) standard. The new version replaces the PIN Entry Device (PED) standard in an effort to streamline point-of-sale security guidelines to also cover unattended payment terminals, such as fuel dispensers, and hardware security modules, which are nonuser facing devices used in PIN translations. The update "simplifies the testing process and eliminates overlap of documentation," according to the PCI Security Standards Council. The council also plans to release updates to its Payment Application Data Security Standard and flagship PCI Data Security Standard later this year. — DK
 

New PCI internal assessor training program

April 30, 2010

The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Friday announced a new training program designed to educate internal security personnel on conducting assessments. The three-day course, to be led by PCI Council experts, either will enable security departments to better work with third-party assessors or allow them to conduct their own assessments, Bob Russo, the council's general manager, told SCMagazineUS.com. Merchants that process more than six million annual transactions are required to conduct annual on-site PCI DSS assessments. Classes will be held in multiple locations. For more information, including pricing, visit here. — DK
 

Law to allow banks to recoup breach losses

April 05, 2010

A new Washington state law set to go into effect July 1 will allow banks to recoup certain data breach losses from negligent businesses. Under the new law, passed by the state Legislature in late March, financial institutions can seek reimbursement from large retailers and credit card processors that have suffered a data breach — if they failed to comply with the Payment Card Industry Data Security Standard (PCI DSS). The new law is similar to a Minnesota statute passed in 2007. — AM
 

Two-day SC Magazine PCI econference continues today

March 23, 2010

Join us Tuesday and Wednesday for our special two-day SC eConference and Expo: Complying with PCI.
 

Forty percent using compensating controls to meet PCI

March 01, 2010

Forty-one percent of merchants are relying on compensating controls to meet Payment Card Industry Data Security Standard (PCI DSS) requirements, according to a survey released Monday by the Ponemon Institute and commissioned by encryption firm Thales. The survey polled 155 qualified security assessors, who are charged with confirming a company's adherence to PCI. Compensating controls "may be considered for most PCI DSS requirements when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints," according to the PCI Security Standards Council. — DK
 

Why intrusion prevention systems fail to protect web applications

Ryan Barnett, director of application security, Breach Security February 26, 2010

There is overwhelming evidence in reports such as the SANS Top Cyber Security Risks and the Verizon Data Breach Investigation Report that web applications are the Achilles' heel of most networks and criminals know it. In order to protect web applications, the network security paradigm has to shift from "Keep People Out" to "What Are They Doing?" and the IT infrastructure spending needs to follow suit.
 

Bruce Rutherford named chair, PCI Security Standards Council

January 25, 2010

Bruce Rutherford of MasterCard was named chairperson today of the PCI Security Standards Council, an organization that drives education and awareness of the PCI Data Security Standard and other best practices to increase payment data security. In the position, Rutherford, who is group head, fraud management solutions, payment system integrity at MasterCard, is charged with increasing adoption of the PCI standards and refining the next version. - GM
 

The death of security assessments?

Steve Dauber, vice president of marketing, RedSeal Systems January 08, 2010

After breaches such as at Heartland Payment Systems, the time may have come for organizations to stop relying on security assessments in favor of potentially more effective risk management tactics.
 

Lawsuit against BJ's over 2004 breach dismissed

December 16, 2009

The Massachusetts Supreme Judicial Court last week affirmed a lower court ruling dismissing a case against BJ's Wholesale Club over a 2004 breach.
 

PCI Council examines merits of new technologies

September 25, 2009

Merchants, desiring an easier path to PCI compliance, may soon be encouraged to consider a number of nascent technologies that can help protect cardholder data.
 

Survey: Most organizations struggling to secure data

September 23, 2009

Sixty percent of IT security professionals polled in a recent study said their organization does not have sufficient resources to become PCI compliant.
 

Trustwave acquires DLP provider Vericept

September 10, 2009

Data security vendor Trustwave on Wednesday announced the acquisition of data leakage prevention vendor Vericept.
 

Merchants encouraged to crack down on skimming

August 25, 2009

The organization charged with administering credit card security guidelines is offering tips to avoid "skimming" attacks.
 

Small businesses largely not PCI compliant

August 12, 2009

Though 83 percent of small businesses are familiar with the PCI DSS, just 62 are compliant, according to a recent survey.
 

Network Solutions was PCI compliant before breach

July 27, 2009

Updated: Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals' credit card information.