Despite the strong security benefits, Visa and the card issuers come out much farther ahead in this program when compared to the merchants, as generally seems to be the case when it comes to card industry events
ControlCase Data Discovery enables large and small businesses and organizations to find credit and debit card information that could be stored in their systems in violation of the Payment Card Industry (PCI) Data Security Standard (DSS) Finding credit card data is one of the key and initial steps needed for compliance
The PCI Security Standards Council Friday released its long-awaited guidance on how mobile payment acceptance applications can meet PCI standards .
The council today listed the types of mobile applications now measured by the security standards, and which types require further review.
Until such time that it has completed a comprehensive examination of the mobile communications device and mobile payment application landscape, the Council will not approve or list mobile payment applications used by merchants to accept and process payment for goods and services as validated PA-DSS applications unless all requirements can be satisfied as stated
On Tuesday, June 14, 2011, the PCI SSC released an Information Supplement regarding Virtualization Guidelines. Not only does this Information Supplement cover virtualization from a VMware and Hyper-V perspective, but also goes into cloud computing.
Smaller merchants tend to rely on their acquirer or independent sales organization (ISO) to initiate PCI DSS compliance validation. Without directive or enforcement of such initiatives, many will forgo basic steps to protect their networks and their customers’ cardholder data because they feel they do not have the time or the proper resources, or they’re just not aware of the requirement, the survey found.
The ISA training consists of a four-hour online pre-requisite course and exam covering PCI fundamentals, followed by an in-depth, two-day (down from the original three), instructor-led course and exam. Successful completion results in ISA qualification and a PCI ISA certificate.
According to a survey recently unveiled by the Ponemon Institute, a new factor is driving adoption of encryption technologies by merchants. For the first time in the six years of the U.S. Enterprise Encryption Trends survey, more businesses emphasized the meeting of PCI DSS requirements as a factor for adopting encryption technology. Previously the primary motivation to adopt data security technologies was to protect against security breaches.
Frustrated, I asked the participants at my last meeting, “If not the PCI standards, then what standard do you want to follow to ensure the security of cardholder data?” Roaring silence.