Social security numbers and other personal information for 175 patients of Penrose Hospital’s imaging department were apparently stolen earlier this month.
The PCI Virtualization Special Interest Group is trying to find consensus before proposing ways to add the technology to the Payment Card Industry Data Security Standards (PCI DSS). The group is meeting this week at Mandalay Bay Resort and Casino in Las Vegas, where the Payment Card Industry Security Standards Council (PCI SSC) is holding its North American Community meeting.
I just received an “F” on the most recent FISMA report, so I had a lot of work to do there to get into compliance with that mandate. Also saw a whole lot of people working very hard, trying to improve security. I think it was a matter of just needing some direction, some coordination, some processes and some experience in implementing best practices. That was kind of the picture when I got here, and we’re making strides in all of those areas.
The conventional wisdom is that when large vendors enter a niche market, those vendors “legitimize” that market. But the announcement that First Data and RSA Security are getting into the credit card tokenization business raises many issues beyond them simply “making” the tokenization market.
Emerging technologies are the hottest topics of discussion within the PCI Security Standards Council community meeting in Las Vegas this week.
The question, says David Taylor, founder of the PCI Knowledge Base, a PCI research firm, is ‘How will PCI’s security standards council embrace end-to-end encryption, tokenization and other emerging technologies?’
Some 79% of US and multinational companies surveyed said they had lost credit card information, yet only 29% use PCI DSS as part of their security strategy.
Over half (55%) said they focus on protecting only credit card data and do not attempt to secure other sensitive customer information, the survey showed.
However, in an interim final rule published late last month, the HHS introduced a new “harm threshold” for breach notification which critics say completely guts the original intent of the bill. Under the change, health-care entities will be required to publicly disclose breaches involving health-care data only if they think the breach will cause financial or reputational harm to those whose data was compromised.
The change allows health-care companies to do a self-assessment of the potential privacy and fraud risks stemming from a data breach and leaves it up to them to decide if a notification is justified. If a breached company decides there is no harm, it will have no obligation to disclose the breach to anyone — even if it had taken no measures previously to protect the data.
Premier League football club Tottenham Hotspur has a critical short-term goal to achieve – other than trying to remain near the top of the table.
The club is racing against an October deadline to roll out compliance with the payment card industry’s data security standard (PCI DSS).
Spurs processes 700,000 credit card transactions a year, and a planned new 58,000-seater stadium, up from 36,000 seats, is expected to increase the number of credit card transactions significantly.
Rising processing costs and Visa Inc.’s mandate that point-of-sale terminals be upgraded to do Triple-DES encryption for PIN-based debit transactions are prompting gas sellers to rethink PIN debit acceptance.
Visa’s latest report, posted in mid-August, reveals another curious numerical quirk. It estimates the number of Level 4 merchants at about 5 million. But in a PCI report for June 2007, Visa estimated the number of Level 4 merchants at about 6.5 million, says Gartner Inc. technology and security analyst Avivah Litan. She interprets that reduction to be a result of PCI causing networks and acquirers to look hard at where their transactions come from and thus make their counting more accurate. “PCI is forcing Visa to get a better handle on who’s connecting to them,” she says.