Relying on Virtual LAN (VLAN) based segmentation alone is not sufficient. For example, having the CDE on one VLAN and the WLAN on a separate VLAN does not adequately segment the WLAN and take it out of PCI DSS scope.
Last week, PCI changed its policy on audio recordings. It now instructs retailers to treat a digital audio capture exactly the same as if it was written. This means that all of those call centers asking for credit card details over the phone must dispose of those recordings, or at least the parts that store the prohibited data, immediately.
PCI Security Standards Council general manager Bob Russo said the next revision of the Payment Card Industry Data Security Standard (PCI DSS), due in October, will contain clarifications but no major changes to the standard.
The Payment Card Industry Security Standards Council (PCI SSC), under pressure from merchants to improve the training of its certified Qualified Security Assessors (QSA), has detailed plans to beef up its PCI QSA certification review process, adding much needed staff and funding to improve oversight of the individuals who conduct PCI Data Security Standard (DSS) compliance assessments.
Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter
University Medical Center officials said Monday that personal information of traffic accident victims was likely leaked from its trauma center for more than three months, and stopped only after the Las Vegas Sun told the hospital about the breach.
PCI validation is not the same as PCI compliance. Validation is an assessment or judgment based on evidence. It is something you do once a year. Compliance is different. It is a state where you, the merchant, actually meet all the rules and procedures every day.
On Jan 25th, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been appointed as the new chairperson of the PCI Security Standards Council. Rutherford will steer the Council as it works with industry stakeholders to create and release new standards in 2010.
Compliance with PCI continues to look pretty abysmal. North American organizations are still not where they should be, and the level of PCI compliance in Europe is especially poor.
How one uses the cloud is most dependent how compliant you intend to be. Once you understand the individual compliance regulations and specific requirements, it’s likely that you (and your data) can live comfortably on the cloud.