Merchants have gained some welcome breathing room for complying with PCI: The PCI Standards Council today announced its standards cycle will move from a two- to three-year cycle. The extra year between new versions of the PCI DSS, PA-DSS, and PCI PTS standards came in response to complaints from merchants and others in the secure payment industry that the current schedule of releasing new requirements every two years was too tight.
A new measure to strengthen credit card data protection was released by the PCI Security Standards Council today.
Version 3.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard is designed to streamline and simplify testing and implementation by providing a single set of modular evaluation requirements for all Personal Identification Number (PIN) acceptance Point of Interaction terminals. This standard is meant to enhance security and prevent payment card fraud on devices that accept payment transactions and will cover everything from retail point of sale card readers to unattended payment terminals at gas stations and parking lots.
eGestalt has announced the availability of SecureGRC, a solution that provides an end-to-end integration of security monitoring with IT-Governance, Risk Management and Compliance (IT-GRC) management solutions using a cloud-based delivery model.
On Jan 25th, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been appointed as the new chairperson of the PCI Security Standards Council. Rutherford will steer the Council as it works with industry stakeholders to create and release new standards in 2010.
Heartland Payment Systems agrees to pay as much as $60 million to Visa to address losses by credit and debit cardholders affected by the data breach Heartland suffered in 2008.
Heartland Payment Systems on Jan. 8 announced that it has agreed to pay up to $60 million to Visa to cover losses to credit and debit cardholders affected by the massive data breach Heartland suffered in 2008.
Today, the PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced the launch of a new PCI SSC micro site, providing resources to secure payment card data in eight languages.
Many Level 2 merchants are just now realizing that their PCI world has changed. Under rules announced this summer, Level 2 MasterCard merchants—like their Level 1 brethren—will require an onsite assessment by a QSA starting in 2010.
Jane W. Duke, United States Attorney for the Eastern District of Arkansas, along with Thomas J. Browne, Special-Agent-in-Charge of the Little Rock Division of the Federal Bureau of Investigation, announced today the sentencings of Dr. Jay Holland, of Little Rock, Arkansas; Sarah Elizabeth Miller, of England, Arkansas; and Candida Griffin, of Little Rock, Arkansas. United States Magistrate Judge Henry L. Jones, Jr. sentenced Holland to one year of probation, a $5,000 fine to be paid in 60 days, and 50 hours of community service educating professionals on HIPAA. Miller was sentenced to one year probation and a $2,500 fine payable in installments. Griffin was sentenced to one year probation and a $1,500 fine payable in installments.
The conventional wisdom is that when large vendors enter a niche market, those vendors “legitimize” that market. But the announcement that First Data and RSA Security are getting into the credit card tokenization business raises many issues beyond them simply “making” the tokenization market.
Authority for enforcing the security provisions of the Health Insurance Portability and Accountability Act of 1996 has been moved from the CMS, and consolidated with HIPAA privacy enforcement, to the Civil Rights Office at HHS, according to an announcement in the Federal Register.