Category Archives: PCI

PCI Council says mobile payment apps can meet security standard

The PCI Security Standards Council Friday released its long-awaited guidance on how mobile payment acceptance applications can meet PCI standards.

The council today listed the types of mobile applications now measured by the security standards, and which types require further review.

via PCI Council says mobile payment apps can meet security standard.

PCI SSC Nixes PA-DSS Certification For Mobile Payments Applications – For A While

Until such time that it has completed a comprehensive examination of the mobile communications device and mobile payment application landscape, the Council will not approve or list mobile payment applications used by merchants to accept and process payment for goods and services as validated PA-DSS applications unless all requirements can be satisfied as stated

via PCI SSC Nixes PA-DSS Certification For Mobile Payments Applications – For A While « PCI Guru.

PCI SSC Releases Virtualization Guidelines #PCI

On Tuesday, June 14, 2011, the PCI SSC released an Information Supplement regarding Virtualization Guidelines. Not only does this Information Supplement cover virtualization from a VMware and Hyper-V perspective, but it also goes into cloud computing.

via PCI SSC Releases Virtualization Guidelines « PCI Guru.

Small merchants make up lion’s share of credit card breaches

Smaller merchants tend to rely on their acquirer or independent sales organization (ISO) to initiate PCI DSS compliance validation. Without directive or enforcement of such initiatives, many will forgo basic steps to protect their networks and their customers’ cardholder data because they feel they do not have the time or the proper resources, or they’re just not aware of the requirement, the survey found.

via Infosecurity (USA) – Small merchants make up lion’s share of credit card breaches.

Mobile Guidelines Due in “Next Couple of Weeks,” PCI Council Chief Says

Long-awaited guidelines from the PCI Security Standards Council about just what constitutes secure mobile-payments software are coming soon, promises Council general manager Robert Russo. “Look for guidance in the next couple of weeks,”

PCI Training Gets High Marks

The ISA training consists of a four-hour online pre-requisite course and exam covering PCI fundamentals, followed by an in-depth, two-day (down from the original three), instructor-led course and exam. Successful completion results in ISA qualification and a PCI ISA certificate.

via PCI Training Gets High Marks.

#PCI Compliance Concerns Driving Adoption of Encryption

According to a survey recently unveiled by the Ponemon Institute, a new factor is driving adoption of encryption technologies by merchants. For the first time in the six years of the U.S. Enterprise Encryption Trends survey, more businesses emphasized the meeting of PCI DSS requirements as a factor for adopting encryption technology. Previously the primary motivation to adopt data security technologies was to protect against security breaches.

via PCI Compliance Concerns Driving Adoption of Encryption.

If Not The PCI Standards, Then What? « PCI Guru

Frustrated, I asked the participants at my last meeting, “If not the PCI standards, then what standard do you want to follow to ensure the security of cardholder data?”  Roaring silence.

via If Not The PCI Standards, Then What? « PCI Guru.

Visa excludes U.S. merchants to spur secure card adoption – Computerworld

Visa has excluded U.S. businesses from a worldwide program that encourages merchants to deploy more secure payment terminals, because of what it claims is the uncertainty surrounding new debit card rules.

via Visa excludes U.S. merchants to spur secure card adoption – Computerworld.

The “Magic” Vulnerability – Revised

“So, what vulnerabilities did they detect?”

“None,” was the confused answer at the other end of the line.

“What?  They must have detected at least one high, severe or critical vulnerability?  That is the only way you can fail,” I would ask, now also confused.

“Nope.  Nothing.  Just the fact that the OS is unsupported,” I was told.

via The “Magic” Vulnerability – Revised « PCI Guru.