Last week, Visa officially brought corporate franchisors into the world of Level 1 merchant service providers by requiring them to register as Third-Party Agents, with all that that implies. At one level, the increased visibility, attention to PCI compliance and stricter validation regime should reduce data breaches at unsecure franchise locations.
The most stressful season of the year is upon us. Yep, Christmas time, the season of joy, goodwill, and happiness. Ironically though, many people find the festive season a financially stressful time. More people these days are buying gifts online, to beat the high prices at the local stores wavering from the economic downturn.
A Malaysian man was indicted Thursday on charges he hacked into the networks of a number of financial institutions, including the Federal Reserve Bank of Cleveland, and amassed some 400,000 stolen credit and debit card numbers, according to federal prosecutors.
HHS officials last week confirmed what many people have long suspected: Laptop theft is the most common source of health data breaches affecting at least 500 people. Of the 189 breaches reported to HHS since notification became mandatory last year, 52 percent were due to theft
Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.)
Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.
Which version of PCI should you use to validate your compliance? Although Version 2.0 was recently released, it is not effective until Jan. 1, 2011, after which time it will exist in parallel with the current version—1.2. That means for all of 2011 retailers will have the option of using either version to validate their compliance.
HyTrust, Cisco, VMware, Savvis and Coalfire Outline Configuration Guidelines to Meet the New Requirements Following Publication of New Payment Card Industry Data Security Standard
Google (GOOG) and a reseller of its products have filed a lawsuit against the U.S. Department of the Interior after the agency solicited bids for cloud-based e-mail and messaging services specifying that bidders must use Microsoft (MSFT) products.
Indiana Attorney General Gregory Zoeller has filed a lawsuit against health insurer WellPoint Inc., alleging the company did not notify 32,051 affected consumers in the state of a breach of their protected health information in a timely manner.