Small business ecommerce site owners cannot afford to slack off when it comes to the Payment Card Industry Data Security Standard (PCI DSS). Its strict security requirements make being PCI compliant challenging for small retailers, but PCI DSS is a standard that all organizations must follow when storing, processing and transmitting their customers’ credit card data.
One of the easiest ways to be PCI-compliant is to outsource payment processing and work with a payment provider who has the experience, systems and security in place that meets the PCI DSS standard. By outsourcing PCI compliance you basically remove the PCI burden from your small business to a trusted provider.
via Will PCI Outsourcing Kill Conversion Rates? — eCommerce-Guide.com.
The overall intent of both of these standards is to stop insecure applications from being placed in production. The intent of requirement 6.5 is to ensure that secure coding techniques are part of the system development lifecycle (SDLC) and that the most obvious errors, at the moment those are the OWASP Top 10, have been addressed during development. The intent of requirement 6.6 is to ensure that either code reviews are conducted or an application firewall is used to protect applications.
via Secure Coding And Application Vulnerability Scanning « PCI Guru.
Beginning Sept. 30, Visa will require merchants and related businesses to conduct wireless security scans to prove compliance with version 1.2 of the PCI Data Security Standard (PCI DSS) which is designed to safeguard cardholder data from wireless threats.
via Meeting the new PCI wireless requirements.
The Trusted Computing Group and the National Institute of Standards and Technology Tuesday joined to give their blessing to the union of two technologies that each have championed: TCG with its network-access control standard called Trusted Network Connect, and NIST with its desktop-security configuration standard called the Security Control Automation Protocol.
via NIST blesses network access, desktop security.
A federal grand jury in Pittsburgh has indicted a former employee at the University of Pittsburgh Medical Center for allegedly stealing patient data in the first HIPAA-related prosecution in the Western District of Pennsylvania, federal prosecutors say.
Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of patients’ data for personal gain in February 2008, when he was an employee at UPMC Shadyside Hospital. The indictment lists Pepala as the sole defendant.
via HIPAA Violations: UPMC Employee Criminally Indicted.
Research released today makes the damning assertion that, with more than half of all software failing to meet acceptable security levels, 80% of all web applications are at risk of failing a PCI audit.
via Infosecurity (UK) – Report claims 80% of web apps will fail a PCI DSS audit.
When Google this month fired a programmer for using the search giant’s database to investigate an intriguing teenager, it showed that even the most sophisticated and respected technology brands can have a trusted employee go rogue. This lesson should not be lost on retail executives, who may rely on several third-party service providers to process or analyze their payments.
via StorefrontBacktalk – The PCI Lessons From Google’s Employee Data Breach.
The Department of Health and Human Services’ Office for Civil Rights received thousands of pages of comments from hundreds of organizations by the Sept. 13 deadline. Now, the office will spend the coming weeks fine-tuning the proposal issued in July.
via Plenty of Feedback on HIPAA Changes.
Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year.
In a brief statement on Wednesday, the Princeton, N.J.-based Heartland said the settlement “resolves all issues” between the two companies stemming from the intrusion.
via Discover to get $5M from Heartland for ’08 data breach.
A Nigerian man has been sentenced to 12 years in prison for sending out fraudulent e-mails offering victims big bucks in exchange for moving cash to the United States.
Okpako Mike Diamreyan, 31, was sentenced to 151 months of prison Wednesday by United States District Judge Janet Hall in Bridgeport, Connecticut.
via Nigerian advance-fee scammer gets 12 years.