Monthly Archives: January 2010

Virtual Network Segmentation for PCI?

Relying on Virtual LAN (VLAN) based segmentation alone is not sufficient. For example, having the CDE on one VLAN and the WLAN on a separate VLAN does not adequately segment the WLAN and take it out of PCI DSS scope.

via The Forrester Blog For Security & Risk Professionals.

New PCI Phone Rules: A Number Spoken Is Just As Risky As One Typed

Last week, PCI changed its policy on audio recordings. It now instructs retailers to treat a digital audio capture exactly the same as if it was written. This means that all of those call centers asking for credit card details over the phone must dispose of those recordings, or at least the parts that store the prohibited data, immediately.

via StorefrontBacktalk » Blog Archive » New PCI Phone Rules: A Number Spoken Is Just As Risky As One Typed.

PCI QSAs, certifications to get new scrutiny

The Payment Card Industry Security Standards Council (PCI SSC), under pressure from merchants to improve the training of its certified Qualified Security Assessors (QSA), has detailed plans to beef up its PCI QSA certification review process, adding much-needed staff and funding to improve oversight of the individuals who conduct PCI Data Security Standard (DSS) compliance assessments.

via PCI QSAs, certifications to get new scrutiny.

Hacker Attacks Targeting Healthcare Organizations Doubled in the 4th Quarter of 2009 According to SecureWorks’ Data — ATLANTA, Jan. 26 /PRNewswire/ —

Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter.

via Hacker Attacks Targeting Healthcare Organizations Doubled in the 4th Quarter of 2009 According to SecureWorks’ Data — ATLANTA, Jan. 26 /PRNewswire/ —.

UMC admits to prolonged patient privacy leak – Tuesday, Jan. 26, 2010 | 2 a.m. – Las Vegas Sun

University Medical Center officials said Monday that personal information of traffic accident victims was likely leaked from its trauma center for more than three months, and stopped only after the Las Vegas Sun told the hospital about the breach.

via UMC admits to prolonged patient privacy leak – Tuesday, Jan. 26, 2010 | 2 a.m. – Las Vegas Sun.

Can Validating PCI Compliance Increase Your Vulnerability To A Breach?

PCI validation is not the same as PCI compliance. Validation is an assessment or judgment based on evidence. It is something you do once a year. Compliance is different. It is a state where you, the merchant, actually meet all the rules and procedures every day.

via StorefrontBacktalk » Blog Archive » Can Validating PCI Compliance Increase Your Vulnerability To A Breach?

PCI DSS Names New Chair

On Jan 25th, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been appointed as the new chairperson of the PCI Security Standards Council. Rutherford will steer the Council as it works with industry stakeholders to create and release new standards in 2010.

via PCI DSS Names New Chair – DarkReading.