Category Archives: PCI

Is PCI compliance a ticket to the boardroom?

The Payment Card Industry Data Security Standard (PCI DSS) is old hat, at least when it comes to how senior management thinks about it. They’ve heard it all before. The standards have been around for five years and executives view PCI compliance as a necessary evil and something that is delegated to the security team. But here are some PCI-related issues that should be of interest to senior management, and they may require you to make a trip to the boardroom.

via Is PCI compliance a ticket to the boardroom? – Network World.

In Legal First, Data-Breach Suit Targets Auditor

In theory, CardSystems should have been safe. The industry’s primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems’ auditor, Savvis Inc, had just given them a clean bill of health three months before.

Yet, despite those assurances, 263,000 card numbers were stolen from CardSystems, and nearly 40 million were compromised.

More than four years later, Savvis is being pulled into court in a novel suit that legal experts say could force increased scrutiny on largely self-regulated credit card security practices.

via In Legal First, Data-Breach Suit Targets Auditor | Threat Level | Wired.com.

Finextra: UK e-tailers don’t understand PCI DSS – survey

Around 60% of UK online retailers do not know whether they are in compliance with the Payment Card Industry Data Security Standard (PCI DSS), according to a survey from Sage Pay.

via Finextra: UK e-tailers don’t understand PCI DSS – survey.

Virtualization Could Collide With PCI, But Help Forensics

With lingering questions about how virtual environments will play with compliance, security experts here have warned organizations to avoid virtualizing any highly regulated applications — and to also consider new ways to use virtualization to enhance security.

via Virtualization Could Collide With PCI, But Help Forensics – DarkReading.

PCI and Fraud Analysis: To Have and Have Not

As merchants work to reduce the scope of PCI compliance and the risk due to having credit card data in their environment, some companies are actually taking access to this data away from people who need it to do their job, including the managers who are charged with investigating fraudulent credit card transactions. Instead of PCI controls helping reduce fraud, for some companies, they are making fraud detection more difficult.

via StorefrontBacktalk » Blog Archive » PCI and Fraud Analysis: To Have and Have Not.

Credit card council looks into cloud security

The Payment Card Industry (PCI) Council has set up a task force to examine cloud computing services to figure out what unique exposure credit card data faces if stores, restaurants, hotels and the like relegate their card information to a provider.

via Credit card council looks into cloud security – Network World.

SAS 70 audits and PCI DSS: Four critical keys for cost-effective compliance

SAS 70 audits and PCI DSS assessments are fast becoming two of the most widely recognized and “must have” compliance initiatives for many businesses in today’s growing regulatory environment. Sarbanes Oxley, HIPAA, and other federally mandated legislative acts have pushed Statement on Auditing Standards No. 70 (SAS 70) into the forefront of compliance. Similarly, Payment Card Industry Data Security Standard (PCI DSS) assessments have also become a widespread compliance mantra affecting thousands of businesses across the globe. And as with any compliance mandate, particularly SAS 70 and PCI DSS, an enormous amount of time and effort is required for achieving overall success.

via SAS 70 audits and PCI DSS: Four critical keys for cost-effective compliance | IT Leadership | TechRepublic.com.

PCI appoints new board of advisers

A roster of new organizations will make up the second Payment Card Industry Security Standards Council (PCI SSC) board of advisers, including Bank of America, Wal-Mart and PayPal, the industry standards body announced Monday.

The advisers will replace the inaugural board, which served a two-year term beginning in 2007. The purpose of the board is to provide strategic and technical guidance to the PCI SSC, which manages the Payment Card Industry Data Security Standard (PCI DSS).

via PCI appoints new board of advisers – SC Magazine US.

Most claims dismissed in Hannaford data breach suit – Network World

All but one of the legal claims filed against Hannaford Bros. — the Maine-based retailer that suffered a security breach exposing some four million credit and debit cards — has been dismissed.

via Most claims dismissed in Hannaford data breach suit – Network World.

RBS Gets an OK on PCI, But Is It Back in Visa’s Good Graces

Atlanta-based RBS WorldPay didn’t say anything in its news release about if or when it would reappear on Visa Inc.’s widely watched list of PCI-compliant processors. The company is not on the current list posted on Visa’s risk-management site for merchants. Typically, an acquirer sends its annual report of validated PCI compliance to Visa for review

via News.