Monthly Archives: June 2010

Tokenization and encryption for #PCI compliance

Tokenization and encryption may be the best solution to one of the biggest data-security challenges facing merchants: how to protect confidential payment card information against emerging threats without disrupting normal business operations. That’s according to a security brief released on Tuesday by RSA, the Security Division of EMC. Security experts from processor First Data Corp. and Visa Inc. also contributed to the report.

via News.

PCI Standards Stretched To Three-Year Cycle

Merchants have gained some welcome breathing room for complying with PCI: The PCI Standards Council today announced its standards cycle will move from a two- to three-year cycle. The extra year between new versions of the PCI DSS, PA-DSS, and PCI DTS standards came in response to complaints from merchants and others in the secure payment industry that the current schedule of releasing new requirements every two years was too tight.

via PCI Standards Stretched To Three-Year Cycle – DarkReading.

Do You Have What It Takes To Pass Your Payment Card Industry Audit? #PCI

With every company reliant on software to run its business, an alarming rise in data breach incidents across industries, but especially credit card processing, means application security is becoming an increasingly critical part of any organisation’s overall IT security strategy. For organisations that store, transmit or process credit card information, it is vital as they must be able to demonstrate compliance with the Payment Card Industry Data Security Standards (PCI DSS).

via Do You Have What It Takes To Pass Your Payment Card Industry Audit? – Banking Business Review.

BofA call center worker pleads guilty to data theft

A Bank of America call center employee has pleaded guilty to charges that he stole sensitive client information and then tried to sell it for cash.

Brian Matty Hagen pleaded guilty last week to one count of bank fraud. According to court filings he allegedly recorded customer account information when BofA customers called him for technical support at the Florida call center where he worked.

via BofA call center worker pleads guilty to data theft.

Auditors Fault GSA Travel System Security

Federal auditors have criticized the security and design of a General Services Administration e-travel system, suggesting changes to it as part of a yearly review of the agency's IT process.

In the Office of the Inspector General's semiannual report to Congress, auditors said that the GSA's implementation of the E2 Solutions travel management system has security and usability issues that, among other things, don't properly measure the performance of the system and make it unfriendly for users, particularly disabled ones.

via Auditors Fault GSA Travel System Security — Government Travel — InformationWeek.

5 at Hospital Fired For Social Media Use #HIPAA

A California hospital will fire five employees and discipline another because they posted personal discussions concerning hospital patients using social media. An ongoing investigation at Tri-City Medical Center in Oceanside “has not yet identified any evidence that patient names, photographs, or similar identifying information was posted by these employees,” according to a statement from Larry Anderson, CEO. “But our investigation yielded sufficient information to warrant disciplinary action.”

via 5 Fired For Social Media Use.

NIST Releases Continuous Monitoring FAQs

Continuous monitoring is at the center of proposed reform to FISMA, which is currently maligned as being an exercise in paperwork rather than an effective guide for cybersecurity.

The National Institute of Standards and Technology (NIST) has released a list of 17 frequently asked questions about continuous monitoring.

via NIST Releases Continuous Monitoring FAQs | The New New Internet.

FTC pushes back identity theft rules deadline — for fifth time

The Federal Trade Commission (FTC) has once again pushed back its enforcement deadline for an identity theft-related regulation called the Red Flags Rule.

The rule requires financial institutions and other organizations that extend consumer credit to develop and implement written policies for detecting and preventing identity theft.

via FTC pushes back identity theft rules deadline — for fifth time.

FISMA II Looks to Institute Performance-Based Metrics

With some 40 pieces of cybersecurity legislation pending before Congress, FISMA II is one that has drawn significant attention from the government-contracting world. While most government agencies and federal contractors learned to check the box and implement whatever measures the act set as standards the first time around, FISMA II will demand more than that: Instead of being compliance focused, the new bill will introduce performance-based standards and guidelines.

via FISMA II Looks to Institute Performance-Based Metrics | The New New Internet.

Lawsuit Brewing Against Popular POS Software Provider and Reseller

With evidence mounting of flagrant abuses of PCI-DSS security standards, two attorneys are on the verge of announcing the official filing of a national lawsuit against one of the hospitality industry’s biggest point-of-sale (POS) technology providers and one of its system resellers. The targets of the upcoming legal action will be Restaurant Data Concepts, Inc. of Warwick, Rhode Island – creators of the POSitouch™ system – and CC Productions of Hoboken, New Jersey, the reseller. POSitouch technology is installed in more than 20,000 restaurants nationwide.

via Lawsuit Brewing Against Popular POS Software Provider and Reseller.