Tag Archives: card

If Not The PCI Standards, Then What? « PCI Guru

Frustrated, I asked the participants at my last meeting, “If not the PCI standards, then what standard do you want to follow to ensure the security of cardholder data?”  Roaring silence.

via If Not The PCI Standards, Then What? « PCI Guru.

Amazon Web Services achieves Level 1 PCI compliance

Amazon Web Services LLC (AWS), a subsidiary of Amazon.com, recently announced it has achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Merchants and other service providers can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. Customers can use AWS cloud infrastructure

via InformationWeek – Cloud Computing – Amazon Web Services achieves Level 1 PCI compliance.

How safe is your card over the internet this Xmas? | UK Telecoms News | Phone System News | 08 Number News

The most stressful season of the year is upon us. Yep, Christmas time, the season of joy, goodwill, and happiness. Ironically though, many people find the festive season a financially stressful time. More people these days are buying gifts online, to beat the high prices at the local stores wavering from the economic downturn.

via How safe is your card over the internet this Xmas? | UK Telecoms News | Phone System News | 08 Number News.

Things To Look Out For In New #PCI Version 2.0 – DarkReading

“PCI is further redefining what a hardware terminal is: It’s supposed to take payments outside of the PCI card data environment so you don’t have to do any monitoring of them,” he says. “But we’ve seen outbreaks of tampering [of devices] to capture cardholder data … they are changing the definition, which could bring a lot of intelligent terminals collecting payments brought into [PCI]

via Things To Look Out For In New PCI Version 2.0 – DarkReading.

PCI DSS 2.0 Card Data Locations and Data Flow

According to the recently published PCI DSS 2.0:

“The first step of a PCI DSS assessment is to accurately determine the scope of the review. At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope. To confirm the accuracy and appropriateness of PCI DSS scope, perform the following:
- The assessed entity identifies and documents the existence of all cardholder data in their environment, to verify that no cardholder data exists outside of the currently defined cardholder data environment (CDE).
- Once all locations of cardholder data are identified and documented, the entity uses the results to verify that PCI DSS scope is appropriate (for example, the results may be a diagram or an inventory of cardholder data locations).
- The entity considers any cardholder data found to be in scope of the PCI DSS assessment and part of the CDE unless such data is deleted or migrated/consolidated into the currently defined CDE.
- The entity retains documentation that shows how PCI DSS scope was confirmed and the results, for assessor review and/or for reference during the next annual PCI SCC scope confirmation activity.”