PCI

Simple Log Review Checklist Released!

Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created a “Critical Log Review Checklist for Security Incidents” which is released to the world today.
In addition to HTML, PDF or DOC versions are [...]

Up to 90% of UK companies may not comply with PCI security standards – Data control & Intellectual Property – ComputerworldUK

New research shows that 89 percent of UK companies are not compliant with the Payment Card Industry Data Security Standards.
via Up to 90% of UK companies may not comply with PCI security standards – Data control & Intellectual Property – ComputerworldUK.

RSA: PCI tokenization push promising but premature, experts say

Tokenization technology has the potential to protect credit card data while reducing the scope of a PCI DSS assessment, but a lack of standards and some complexity issues are cause for concern, panelists said Wednesday, at the 2010 RSA Conference.
via PCI tokenization push promising but premature, experts say.

What’s Ahead For PCI in 2010

The following milestones provide an overview of what the PCI Security Standards Council has planned for 2010 and what changes to expect along the way:
* November 2009-April 2010: DSS and PA-DSS feedback review process.
* March: Council shares summary of feedback with market.
* Late April: New PIN transaction security (PTS) standard released (formerly PIN Entry Device [...]

Average annual cost of PCI compliance audit? $225k

Merchants that undergo network audits to ensure compliance with the Payment Card Industry Data Security Standards are paying an average of $225,000 each year — and 10% of these businesses are paying $500,000 or more annually, according to a new study. In spite of that, 2% of them fail these audits.
via Average annual cost of [...]

How to Implement Secure, PCI-Compliant Access Controls – Security from eWeek

For instance, Section 7 of the Payment Card Industry Data Security Standard (PCI DSS) requires that access to cardholder data is restricted by business “need-to-know.” This means that access rights are granted to only the least amount of data and privileges needed to perform a job. Section 7.1 of the PCI DSS limits access [...]

PCI Council Changes Its Audio Recording Policy, Again

Saying that it was “a result of additional market feedback,” the Council ruled that digital recordings would not be considered in scope if the retailer can prove that the data in question can’t be queried. “The Council is now saying that call centers can keep this data—even if digital—so long as they protect it per [...]

PCI Security Standards Council readying new payment-card security standard

The Payment Card Industry data security standards, which influence design of networks where sensitive payment-card account data is stored, are expected to be further revised by the PCI Security Standards Council over the next few months.
Bob Russo, general manager of the PCI Security Standards Council, says that by early summer the organization expects to be [...]

PCI Compliance: What You Don’t Know CAN Hurt You | Guest Opinions | ITBusinessEdge.com

… data like Social Security numbers, medical records and credit card information tied to an individual — that hackers got access to skyrocketed to 220 million records in 2009, compared with 35 million in 2008. That represents the largest collection of lost data on record.
via PCI Compliance: What You Don’t Know CAN Hurt You | [...]

Security Versus Scope: Choose One

Tokenization and end-to-end encryption are designed to secure information both in transit and at rest. In other words, the focus of each technology is security first. The fact that they can reduce PCI scope or make PCI compliance easier is a secondary benefit.
via StorefrontBacktalk » Blog Archive » Security Versus Scope: Choose One.