Visa offers new guidance on securing payment applications – Computerworld
Visa on Tuesday announced a set of security best practices for vendors of payment applications and for the systems integrators and resellers responsible for implementing and managing them. The guidelines are designed to address continuing vulnerabilities in the payment chain stemming from insecure implementations of the applications that are used in credit and debit card [...]
More On PCI DSS 2.0 « #PCI
The biggest news out of this presentation is that requirement 6.5 will now apply to all in-scope applications, not just Internet-facing or browser-based applications. Based on all of the breach research that has been conducted, they have finally realized that any application in the cardholder data environment (CDE) is a potential hazard, not just those [...]
Visa Provides Guidance on Secure Implementation and Management of Payment Applications — SAN FRANCISCO, Aug. 24 /PRNewswire/
Visa today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS). via Visa Provides [...]
Changes to PCI Data Security Standard leave questions unanswered
“But what is glaringly lacking is progress on the hard and most important issues, including the implications of adopting alternative technologies” on PCI compliance requirements, she said. According to Litan, many Gartner clients are trying to understand whether their adoption of new technologies such as chip cards, tokenization and end-to-end encryption will limit the scope [...]
PCI DSS 2.0 – Emphasis on Card Data Discovery (CDD)
“They’ll say, ‘we found data on the most obscure parts of our network, we had no idea it was there,’” Russo says. “We need some methodology to find cardholder data.” Recommendations for that will include data-loss prevention technologies or discovery tools to find cardholder data, Russo says. via Revisions to credit card security standard on [...]
Revisions to credit card security standard on the way
It’s going to be called the Payment Card Industry Data Security Standard 2.0, and the full-blown text of this upcoming standard that governs how businesses must guard sensitive cardholder information on their networks will be out at the beginning of September, according to the organization in charge of it. via Revisions to credit card security [...]
I Wonder If My Card Issuer Has A ROC?
The question is, because issuers demand retailers and service providers be PCI compliant, should they not practice the same discipline, go through the same process and lead the way by complying with the same guidelines to protect cardholder data? Let’s look at each of the three reasons I think issuers should want to ensure they [...]
QSA’s View on PCI Compliance for Mail Orders
Many orders still flow through this payment channel and, as is the case with all cardholder data, it must be secured, handled in compliance with the PCI DSS via QSA’s View on PCI Compliance for Mail Orders.
Merchants lose $89m in credit card fraud
THE huge growth in the payment of goods or services over the internet, or by phone or mail, is responsible for the loss by merchants of about $89 million last year through fraud when credit cards used in a business transaction are not seen by the seller. via Merchants lose $89m in credit card fraud [...]
Visa Clarifies Security Rules
This week Visa Inc. said it’s going to reduce unnecessary storage of sensitive card information in merchant payment systems. Specifically, Visa is clarifying that existing operating regulations ensure acquirers and issuers allow merchants to present a truncated, disguised or masked card number on a transaction receipt for dispute resolution in place of the full 16-digit [...]




