Category Archives: PCI

New #PCI Compliance Stats Show Little Change

The latest PCI compliance reports (data current as of Dec. 31, 2010) show little change for Level 1 and Level 2 merchants, with each group holding at 96 percent. Level 1 had been at 96 percent for months, but the number of retailers in that group jumped from 358 to 377 (since the prior report on June 30, 2010). Level 2 had been at 95 percent, so the 96 percent figure reflects a slight increase. The number of merchants in Level 2, however, dropped from 894 to 881. So if even a few of those 13 retailers had been non-compliant, that could explain the bump up to 96 percent.

via StorefrontBacktalk » Blog Archive » New PCI Compliance Stats Show Little Change.

Cost of regulatory security compliance? On average, $3.5M – CSO Online – Security and Risk

The cost of achieving regulatory security compliance is on average $3.5 million each year, according to a survey of 160 individuals leading the IT, privacy and audit efforts at 46 multinational organizations

via Cost of regulatory security compliance? On average, $3.5M – CSO Online – Security and Risk.

Nominations Open for PCI Board

The PCI Security Standards Council (PCI SSC), which oversees the PCI (Payment Card Industry) Data Security Standard that card-accepting retailers must follow, today announced that nominations for election to the 2011-2013 PCI SSC board of advisors are now being accepted

via Nominations Open for PCI Board.

PA-DSS ‘Guidance’ for Mobile Apps Likely to Come This Year, PCI Council Says

Top officials with the Wakefield, Mass.-based organization tell Digital Transactions News the Council is working on what it calls a “technology evaluation” to craft new validation procedures that more clearly suit the software used by mobile merchants

Cisco: Wireless AP Upgrade Goes Beyond PCI

Also new is a PCI compliance-specific reporting function for Cisco’s Wireless Control System. The System had a PCI compliance report capability previously, but the updated function can offer a PCI summary report, and filter out and report on individual locations or devices in the wireless network.

via Cisco: Wireless AP Upgrade Goes Beyond PCI.

More On “The Cloud” And PCI Compliance

the PCI DSS is actually written in such a way to address changes in technology without directly calling out new technologies

via More On “The Cloud” And PCI Compliance « PCI Guru.

2011 Card Skimming Fraud Threats #PCI

What’s interesting is that the criminals are now using cryptographic technology to protect the card information they steal, and that’s posing challenges for detection and law enforcement

via 2011 Card Skimming Fraud Threats.

#PCI Council Officially Swears Off Mobile Apps

The PCI Security Standards Council, as expected, has officially declared it will not sign off on any mobile application for quite some time. If it helps, the Council added that mobile “will be a key focus for the Council in 2011.”

via StorefrontBacktalk » Blog Archive » PCI Council Officially Swears Off Mobile Apps.

Anatomy Of A Breach « PCI Guru

People are always asking me why complying with the PCI standards is important as in, “What’s in it for my company?” So I thought I would take a known, documented breach and walk through where PCI compliance would have made a difference

via Anatomy Of A Breach « PCI Guru.

Regulatory compliance hogs security pros’ attention

One out of every two IT security professionals spends 50% of the work week on regulatory compliance initiatives, according to a new survey.

via Regulatory compliance hogs security pros’ attention.