Category Archives: PCI

Amazon Web Services achieves Level 1 PCI compliance

Amazon Web Services LLC (AWS), a subsidiary of Amazon.com, recently announced it has achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Merchants and other service providers can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. Customers can use AWS cloud infrastructure

via InformationWeek – Cloud Computing – Amazon Web Services achieves Level 1 PCI compliance.

PCI Guidance and Emerging Tech

Bob Russo, GM of the PCI Security Standards Council, says simply that PCI security standards are maturing “gracefully.”

In fact, Russo says the global payments community is pleased with the standards, which is why the council decided to make no significant changes this time around. The PCI Data Security Standard and the PCI Payment Application Data Security Standard have not changed significantly this year. But what the industry can expect in 2011 are clarifications and some new guidance regarding emerging technologies.

via PCI Guidance and Emerging Tech.

PCI for Corporate Franchise Servicer

Last week, Visa officially brought corporate franchisors into the world of Level 1 merchant service providers by requiring them to register as Third-Party Agents, with all that that implies. At one level, the increased visibility, attention to PCI compliance and stricter validation regime should reduce data breaches at unsecure franchise locations.

via StorefrontBacktalk » Search Results » corporate franchise servicer.

How safe is your card over the internet this Xmas? | UK Telecoms News | Phone System News | 08 Number News

The most stressful season of the year is upon us. Yep, Christmas time, the season of joy, goodwill, and happiness. Ironically though, many people find the festive season a financially stressful time. More people these days are buying gifts online, to beat the high prices at the local stores wavering from the economic downturn.

via How safe is your card over the internet this Xmas? | UK Telecoms News | Phone System News | 08 Number News.

PCI DSS 2.0 addresses use of server virtualization | Virtualization – InfoWorld

Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.)

Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.

via PCI DSS 2.0 addresses use of server virtualization | Virtualization – InfoWorld.

PCI 2.0 Or 1.2—The Choice Is Yours, For Now

Which version of PCI should you use to validate your compliance? Although Version 2.0 was recently released, it is not effective until Jan. 1, 2011, after which time it will exist in parallel with the current version—1.2. That means for all of 2011 retailers will have the option of using either version to validate their compliance.

via StorefrontBacktalk » Blog Archive » PCI 2.0 Or 1.2—The Choice Is Yours, For Now.

Industry Leaders Publish Reference Architecture for #PCI DSS 2.0 Compliant Clouds – MarketWatch

HyTrust, Cisco, VMware, Savvis and Coalfire Outline Configuration Guidelines to Meet the New Requirements Following Publication of New Payment Card Industry Data Security Standard

via Industry Leaders Publish Reference Architecture for PCI DSS 2.0 Compliant Clouds – MarketWatch.

Things To Look Out For In New #PCI Version 2.0 – DarkReading

“PCI is further redefining what a hardware terminal is: It’s supposed to take payments outside of the PCI card data environment so you don’t have to do any monitoring of them,” he says. “But we’ve seen outbreaks of tampering [of devices] to capture cardholder data … they are changing the definition, which could bring a lot of intelligent terminals collecting payments brought into [PCI]”

via Things To Look Out For In New PCI Version 2.0 – DarkReading.

#PCI Compliance Changes Promote Log Management – Security from eWeek

The key revisions cover areas such as log management and scoping the environment to understand where cardholders reside. There were also revisions meant to enable organizations to develop a risk-based assessment approach based on their specific business circumstances as well as changes designed to appeal to small merchants to simplify their compliance efforts.

via PCI Compliance Changes Promote Log Management – Security from eWeek.

#PCI 2.0 Changes: The Good, The Bad And The Hashing

The first thing readers will notice when they open PCI Version 2.0 is an expanded section defining PCI scope. Version 2 requires merchants and processors to identify explicitly all the locations and flows of cardholder data annually before they begin their assessment. The specific instructions are to make sure that no data has leaked outside your defined cardholder data environment and, if you find any, that you either eliminate the data or include it in your assessment.

via StorefrontBacktalk » Blog Archive » PCI 2.0 Changes: The Good, The Bad And The Hashing.