Heartland pays Amex $3.6 million over 2008 data breach – Network World

Heartland Payment Systems will pay American Express US$3.6 million to settle charges relating to the 2008 hacking of its payment system network. This is the first settlement Heartland has reached with a card brand since disclosing the incident in January of this year. via Heartland pays Amex $3.6 million over 2008 data breach – Network [...]

Making PCI Stand For Coordination & Impact : Daniel Wallace

Onsite PCI assessments are not cheap. First make certain that you have to comply with the onsite assessment requirement. Although all of the major card brands are partners in PCI-DSS, the number of transactions is counted by individual card brand. For example, a merchant that processes 2 million credit card transactions will not necessarily be [...]

PCI Compliance: Frequently Asked Questions

Payment card industry compliance is confusing for many ecommerce merchants. But it potentially affects every merchant that accepts credit card payments. Failure to understand the PCI compliance standards could result in higher merchant account fees and fines from the credit card issuers. Merchants oftentimes have similar general questions on PCI compliance. We posed some of [...]

Identity Theft – PCI Chiefs Defend Standards, Plans – eWeek Security Watch

It’s a gross oversimplification of an utterly staggering technical and social challenge, and he knows it as well as anyone, but it’s hard to argue with PCI Security Standards Council General Manager Bob Russo’s assertion that when it comes to improving electronic data security and related matters of individual privacy, “something is much better than [...]

Retailer Wireless Devices Largely Unprotected

A new survey shows 44 percent of the wireless devices used by retailers are vulnerable to attacks by data thieves. And that’s the good news. A year ago, the same Motorola survey showed 85 percent of retailers were sitting targets for drive-by data attacks. New PCI standards phasing out Wireless Equivalent Protocol–the weakest form of [...]

IGT Awarded The First PCI DSS 1.2 Certification | webnewswire.com

Submitted by newsdesk on Mon, 12/22/2008 – 19:42. IGT, a pioneer and global leader in travel technologies and services received the coveted PCI DSS 1.2 certification from leading PCI DSS QSAC, ControlCase. IGT is the first Travel BPO Organization to become PCI DSS [...]

American Express web bug exposes card holders • The Register

A glaring vulnerability on the American Express website has unnecessarily put visitors at risk for more than two weeks and violates industry regulations governing credit card companies, a security researcher says. Among other things, the cross-site scripting (XSS) error on americanexpress.com allows attackers to steal users’ authentication cookies, which are used to validate American Express [...]

IT PRO | PCI’s Bob Russo: Data loss hurts brand more than a fine

As Christmas shoppers spend away and data breaches keep hitting the headlines, the Payment Card Industry’s security council is charged with keeping customers’ data safe. By Miya Knights, 12 Dec 2008 at 11:14. The Payment Card Industry Data Security Standard (PCI DSS) and the global forum formed to administer it, the PCI Security Standards Council [...]

Gartner – Visa sets Global PCI deadline

Visa announced a global compliance program for the card industry’s key security standard. But many issues remain, including unclear European deadlines and the treatment of merchants that have chip card processing in place. On 10 November 2008, Visa announced new global standards for compliance with the Payment Card Industry Data Security Standard (PCI DSS) designed [...]

PCI Council Starts a Quality-Control Program for Assessors

(November 17, 2008) The PCI Security Standards Council on Monday introduced a quality-assurance program for the companies that determine whether a merchant, processor, or other entity that touches credit and debit card data meets the council’s rules. The Wakefield, Mass.-based council’s aim is to ensure more uniform enforcement of the Payment Card Industry data-security standard, [...]