PCI

New Version 3.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard

A new measure to strengthen credit card data protection was released by the PCI Security Standards Council today. Version 3.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard is designed to streamline and simplify testing and implementation by providing a single set of modular evaluation requirements for all Personal Identification Number (PIN) [...]

PCI council launches certification program for IT staff

The organization responsible for administering the Payment Card Industry Data Security Standard (PCI DSS) has launched a new program to help enterprises conduct self-assessments of their compliance with the standard. The security council will train and certify IT security staff to conduct PCI compliance assessments on behalf of their companies. via PCI council launches certification [...]

Visa targets online marketing ‘scam’

Retailers will no longer be able to allow third parties to charge a customer’s card without the card owner re-entering credit card information, Visa said Tuesday. This is Visa’s response to one of the biggest scandals to rock online retailing in years. via Visa targets online marketing ‘scam’ | Media Maverick – CNET News.

Report: Tier 1 Merchants Pay $122,000 More For PCI Assessments – DarkReading

When it comes to annual costs for PCI assessments, not all engagements are created equal: Larger, Tier 1 merchants pay an average of $122,000 more, according to a survey of PCI qualified security assessors (QSAs) released today. via Report: Tier 1 Merchants Pay $122,000 More For PCI Assessments – DarkReading.

OWASP Top10 2010 Released

Today, OWASP has released an updated report capturing the top ten risks associated with the use of web applications in an enterprise. This colorful 22-page report is packed with examples and details that explain these risks to software developers, managers, and anyone interested in the future of web security. Everything at OWASP is free [...]

PCI: Data Token Alternatives

When a merchant cannot — or will not — replace credit card numbers with tokens provided by its payment processor, how does it secure its database to be PCI-compliant? via PCI: Data Token Alternatives – Security Views – Dark Reading.

Deadline to disable WEP for PCI DSS compliance

The clock is ticking! June 30, 2010 is the deadline for companies required to comply with the Payment Card Industry Data Security Standard (PCI DSS) to eliminate any use of Wired Equivalent Privacy (WEP) on their networks. This outdated standard uses insecure cryptography and hackers have clearly demonstrated the ability to penetrate WEP networks in [...]

PCI Council readying end-to-end encryption guidance

The PCI Security Standards Council is studying a number of emerging technologies and plans to issue a guidance document on end-to-end encryption when it releases the next version of the PCI Data Security Standards (PCI DSS), due out in October. Bob Russo, general manager of the PCI Council, said researchers are preparing documentation on what [...]

New Law Lets Banks Recover Data Breach Costs – www.esecurityplanet.com

Washington last week became the third state to pass legislation that will allow banks to recover certain costs and damages from retailers and credit card processors that suffer data breaches after failing to comply with current Payment Card Industry (PCI) standards. The law, which goes into effect on July 1 in Washington, follows similar laws [...]

Gonzalez Gets 20 Years in Hacker Case

Hacker Albert Gonzalez is sentenced to 20 years in prison for his role in hacking TJX, Barnes & Noble, OfficeMax and other retailers. He faces the possibility of more time behind bars when he is sentenced for his role in hacking a slew of other companies, including Heartland Payment Systems. via Gonzalez Gets 20 Years [...]