Monthly Archives: September 2010

Will #PCI Outsourcing Kill Conversion Rates?

Small business ecommerce site owners cannot afford to slack off when it comes to the Payment Card Industry Data Security Standard (PCI DSS). Its strict security requirements make being PCI compliant challenging for small retailers, but PCI DSS is a standard that all organizations must follow when storing, processing and transmitting its customer’s credit card data.

One of the easiest ways to be PCI-compliant is to outsource payment processing and work with a payment provider who has the experience, systems and security in place that meets the PCI DSS standard. By outsourcing PCI compliance you basically remove the PCI burden from your small business to a trusted provider.

via Will PCI Outsourcing Kill Conversion Rates? —

Secure Coding And Application Vulnerability Scanning

The overall intent of both of these standards is to stop insecure applications from being placed in production.  The intent of requirement 6.5 is to ensure that secure coding techniques are part of the system development lifecycle (SDLC) and that the most obvious errors, at the moment those are the OWASP Top 10, have been addressed during development.  The intent of requirement 6.6 is to ensure that either code reviews are conducted or an application firewall is used to protect applications.

via Secure Coding And Application Vulnerability Scanning « PCI Guru.

NIST blesses network access, desktop security

The Trusted Computing Group and the National Institute of Standards and Technology Tuesday joined to give their blessing  to the union of two technologies that each have championed: TCG with its network-access control standard called Trusted Network Connect, and NIST with its desktop-security configuration standard called the Security Control Automation Protocol

via NIST blesses network access, desktop security.

HIPAA Violations: UPMC Employee Criminally Indicted

A federal grand jury in Pittsburgh has indicted a former employee at the University of Pittsburgh Medical Center for allegedly stealing patient data in the first HIPAA-related prosecution in the Western District of Pennsylvania, federal prosecutors say.

Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of patients’ data for personal gain in February 2008, when he was an employee at UPMC Shadyside Hospital. The indictment lists Pepala as the sole defendant.

via HIPAA Violations: UPMC Employee Criminally Indicted.

The PCI Lessons From Google’s Employee Data Breach

When Google this month fired a programmer for using the search giant’s database to investigate an intriguing teenager, it showed that even the most sophisticated and respected technology brands can have a trusted employee go rogue. This lesson should not be lost on retail executives, who may rely on several third-party service providers to process or analyze their payments.

via StorefrontBacktalk » Blog Archive » The PCI Lessons From Google’s Employee Data Breach.

Discover to get $5M from Heartland for ’08 data breach

Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year.

In a brief statement on Wednesday, the Princeton, N.J.-based Heartland said the settlement “resolves all issues” between the two companies stemming from the intrusion.

via Discover to get $5M from Heartland for ’08 data breach.