PCI

Gonzalez Gets 20 Years in Hacker Case

Hacker Albert Gonzalez is sentenced to 20 years in prison for his role in hacking TJX, Barnes & Noble, OfficeMax and other retailers. He faces the possibility of more time behind bars when he is sentenced for his role in hacking a slew of other companies, including Heartland Payment Systems. via Gonzalez Gets 20 Years [...]

Squeezing More Value From Your PCI Assessment

Often, merchants prepare a thoughtful risk assessment and then file it away (a.k.a., “shelfware”) until their QSA returns the next year, at which time it gets dusted off, reviewed and, hopefully, updated. If that describes your situation, you could be missing a golden opportunity to reduce your PCI scope, lower your risk and cut your [...]

PCI And Cloud Computing: It’s All About Scope

From a PCI compliance perspective, it all comes down to scope. That is, although the technology (primarily virtualization) may be new, the compliance concerns you need to address (see above) are the same. You need (hopefully together with your QSA) to tell the story of how you are meeting PCI requirements in the cloud. via StorefrontBacktalk » [...]

PCI and the Art of the Compensating Control

Information in this chapter:
* What is a Compensating Control?
* Where are Compensating Controls in PCI DSS?
* What a Compensating Control Is Not
* Funny Controls You Didn't Design
* How to Create a Good Compensating Control
via PCI and the Art of the Compensating Control – CSO Online – Security and Risk.

Don’t Let Your CRM System Feed the Lawsuit Beast

The best way to avoid PCI audits and headlines about credit card lists leaking to the internet is to not store that data in the CRM system in the first place. Although your customer service reps (CSR) may need to access that data, the CRM system should hold only pointers (external keys) to the system [...]

Overpaying For PCI Compliance

Are you paying too much to validate your PCI compliance? It’s possible, even likely, that you are. The reason is not that your QSA is too expensive or that PCI is too demanding. Rather, the reason many merchants pay too much is that they forget PCI Requirement 0. You don’t know Requirement 0? It says: [...]

Simple Log Review Checklist Released!

Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created a “Critical Log Review Checklist for Security Incidents” which is released to the world today. In addition to HTML, PDF or DOC versions [...]

Up to 90% of UK companies may not comply with PCI security standards – Data control & Intellectual Property – ComputerworldUK

New research shows that 89 percent of UK companies are not compliant with the Payment Card Industry Data Security Standards. via Up to 90% of UK companies may not comply with PCI security standards – Data control & Intellectual Property – ComputerworldUK.

RSA: PCI tokenization push promising but premature, experts say

Tokenization technology has the potential to protect credit card data while reducing the scope of a PCI DSS assessment, but a lack of standards and some complexity issues are cause for concern, panelists said Wednesday, at the 2010 RSA Conference. via PCI tokenization push promising but premature, experts say.

What’s Ahead For PCI in 2010

The following milestones provide an overview of what the PCI Security Standards Council has planned for 2010 and what changes to expect along the way:
* November 2009-April 2010: DSS and PA-DSS feedback review process.
* March: Council shares summary of feedback with market.
* Late April: New PIN transaction security (PTS) standard released (formerly [...]