The final version of PCI version 2.0 has just been released this week. It goes into effect on Jan. 1 but impacted entities have until Dec. 31, 2011, to become fully compliant.
via New PCI Standards Finalized.
This article is the first in a short series designed to help small businesses understand the regulations around securing credit card transactions, specifically the PCI DSS (Payment Card Industry’s Data Security Standard) requirements.
via An SMB Guide to Credit Card Regulations: Part I- PCI DSS Q&A – Security Views – Dark Reading.
The Payment Card Industry’s Security Standards Council may be doing a good job helping lock down larger retailers, but the smaller “Mom and Pop” merchants are becoming the new targets of cyber criminals, says a PCI expert.
via PCI: Smaller Merchants Threatened.
Merchants are most likely to remain compliant with the Payment Card Industry Data Security Standards and avoid data breaches if they adopt security as a “lifestyle,” according to a study released earlier this week by Verizon Business. Verizon Business provides audits and other PCI-related services.
via News.
In a new document, “Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance” (PDF), the standards group offers guidance on what organizations should look for when acquiring and purchasing encryption technology to protect credit cardholder data as it is authorized and transported into a database.
via PCI Council Offers Guidance On Point-To-Point Encryption – compliance/Security – DarkReading.
Small business ecommerce site owners cannot afford to slack off when it comes to the Payment Card Industry Data Security Standard (PCI DSS). Its strict security requirements make being PCI compliant challenging for small retailers, but PCI DSS is a standard that all organizations must follow when storing, processing and transmitting their customers’ credit card data.
One of the easiest ways to be PCI-compliant is to outsource payment processing and work with a payment provider who has the experience, systems and security in place that meets the PCI DSS standard. By outsourcing PCI compliance you basically remove the PCI burden from your small business to a trusted provider.
via Will PCI Outsourcing Kill Conversion Rates? — eCommerce-Guide.com.
The overall intent of both of these standards is to stop insecure applications from being placed in production. The intent of requirement 6.5 is to ensure that secure coding techniques are part of the system development lifecycle (SDLC) and that the most obvious errors, at the moment those are the OWASP Top 10, have been addressed during development. The intent of requirement 6.6 is to ensure that either code reviews are conducted or an application firewall is used to protect applications.
via Secure Coding And Application Vulnerability Scanning « PCI Guru.
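The excerpt above says requirement 6.5 expects the "most obvious errors", the OWASP Top 10, to be addressed during development, and 6.6 expects a code review or an application firewall to catch what slips through. The block below is an added illustration, not code from PCI Guru or from the PCI standard, of the most common of those errors in a cardholder-data context: a lookup that concatenates user input into SQL (what a 6.6 code review is meant to flag) next to the parameterised version that closes the hole. The table, the rows and the token values are constructed sample data; no real card data is involved.

```python
import sqlite3

# Constructed sample data: a toy merchant table holding only card tokens,
# not PANs. Names and tokens are made up for this example.
ROWS = [
    ("alice", "tok_4111"),
    ("bob", "tok_5500"),
]

# Payload a tester or attacker would send: it closes the quoted literal and
# appends a condition that is always true.
INJECTION = "x' OR '1'='1"


def _db():
    """Build a fresh in-memory database so each call starts from the same state."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, card_token TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", ROWS)
    return conn


def lookup_vulnerable(name):
    """Deliberately unsafe: the caller's input is spliced into the SQL text.

    This is the OWASP Top 10 injection flaw that requirement 6.5 expects
    developers to avoid and that a 6.6 code review should flag on sight.
    """
    conn = _db()
    sql = "SELECT name, card_token FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(name):
    """Parameterised query: the input is bound as data and never parsed as SQL."""
    conn = _db()
    return conn.execute(
        "SELECT name, card_token FROM customers WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    # The same injection payload dumps every row from the unsafe lookup and
    # matches nothing in the parameterised one.
    print("vulnerable:", lookup_vulnerable(INJECTION))
    print("hardened:  ", lookup_hardened(INJECTION))
```

The design point is that the fix is structural, not a filter: the hardened query has no string in which the payload can change the statement's shape, so it needs no allow-list of "bad characters" and does not depend on an application firewall recognising the pattern. That is the distinction between satisfying 6.5 in the code and leaning on 6.6's compensating control.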
Beginning Sept. 30, Visa will require merchants and related businesses to conduct wireless security scans to prove compliance with version 1.2 of the PCI Data Security Standard (PCI DSS) which is designed to safeguard cardholder data from wireless threats.
via Meeting the new PCI wireless requirements.
Research released today makes the damning assertion that, with more than half of all software failing to meet acceptable security levels, 80% of all web applications are at risk of failing a PCI audit.
via Infosecurity (UK) – Report claims 80% of web apps will fail a PCI DSS audit.
When Google this month fired a programmer for using the search giant’s database to investigate an intriguing teenager, it showed that even the most sophisticated and respected technology brands can have a trusted employee go rogue. This lesson should not be lost on retail executives, who may rely on several third-party service providers to process or analyze their payments.
via StorefrontBacktalk » Blog Archive » The PCI Lessons From Google’s Employee Data Breach.