Frustrated, I asked the participants at my last meeting, “If not the PCI standards, then what standard do you want to follow to ensure the security of cardholder data?” Roaring silence.
via If Not The PCI Standards, Then What? « PCI Guru.
Visa has excluded U.S. businesses from a worldwide program that encourages merchants to deploy more secure payment terminals, because of what it claims is the uncertainty surrounding new debit card rules.
via Visa excludes U.S. merchants to spur secure card adoption – Computerworld.
The PCI Security Standards Council (PCI SSC), which oversees the PCI (Payment Card Industry) Data Security Standard that card-accepting retailers must follow, today announced that nominations for election to the 2011-2013 PCI SSC board of advisors are now being accepted.
via Nominations Open for PCI Board.
What’s interesting is that the criminals are now using cryptographic technology to protect the card information they steal, and that’s posing challenges for detection and law enforcement.
via 2011 Card Skimming Fraud Threats.
Amazon Web Services LLC (AWS), a subsidiary of Amazon.com, recently announced it has achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Merchants and other service providers can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. Customers can use AWS cloud infrastructure
via InformationWeek – Cloud Computing – Amazon Web Services achieves Level 1 PCI compliance.
The most stressful season of the year is upon us. Yep, Christmas time, the season of joy, goodwill, and happiness. Ironically, though, many people find the festive season a financially stressful time. More people these days are buying gifts online to beat the high prices at local stores struggling with the economic downturn.
A Malaysian man was indicted Thursday on charges he hacked into the networks of a number of financial institutions, including the Federal Reserve Bank of Cleveland, and amassed some 400,000 stolen credit and debit card numbers, according to federal prosecutors.
via Malaysian man charged with hacking into bank systems – SC Magazine US.
HyTrust, Cisco, VMware, Savvis and Coalfire Outline Configuration Guidelines to Meet the New Requirements Following Publication of New Payment Card Industry Data Security Standard
via Industry Leaders Publish Reference Architecture for PCI DSS 2.0 Compliant Clouds – MarketWatch.
“PCI is further redefining what a hardware terminal is: It’s supposed to take payments outside of the PCI card data environment so you don’t have to do any monitoring of them,” he says. “But we’ve seen outbreaks of tampering [of devices] to capture cardholder data … they are changing the definition, which could bring a lot of intelligent terminals collecting payments brought into [PCI].”
via Things To Look Out For In New PCI Version 2.0 – DarkReading.
According to the recently published PCI DSS 2.0:
“The first step of a PCI DSS assessment is to accurately determine the scope of the review. At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope. To confirm the accuracy and appropriateness of PCI DSS scope, perform the following:
The assessed entity identifies and documents the existence of all cardholder data in their environment, to verify that no cardholder data exists outside of the currently defined cardholder data environment (CDE).
Once all locations of cardholder data are identified and documented, the entity uses the results to verify that PCI DSS scope is appropriate (for example, the results may be a diagram or an inventory of cardholder data locations).
The entity considers any cardholder data found to be in scope of the PCI DSS assessment and part of the CDE unless such data is deleted or migrated/consolidated into the currently defined CDE.
The entity retains documentation that shows how PCI DSS scope was confirmed and the results, for assessor review and/or for reference during the next annual PCI SCC scope confirmation activity.”
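The four scoping steps quoted above are easier to reason about with a concrete discovery-and-reconciliation pass in front of you. The script below is an added example, written for this post; it is not code from PCI Guru, the PCI SSC, or the PCI DSS. It scans constructed content (made-up hostnames, paths and the well-known 4111... and 5500... test card numbers), filters candidate PANs with a Luhn check, compares each hit's host against a declared CDE list, and produces the kind of record the last step says the entity should retain. Hostnames, paths, the `SAMPLE_LOCATIONS` map and the `DECLARED_CDE` set are all assumptions standing in for real file, database and log sources.

```python
import re
from dataclasses import dataclass

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes, not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation; drops most digit runs that are not PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the Luhn-valid candidate PANs in text, separators removed."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def mask(pan: str) -> str:
    """Keep first six and last four digits, the usual PCI DSS display form."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class Finding:
    location: str    # "host:path" where the data was seen
    masked_pan: str  # never carry the full PAN into the report
    in_cde: bool     # whether the host is in the declared CDE


def reconcile(locations: dict, cde_hosts: set) -> list:
    """Steps 1 and 2: find every PAN and check its host against the declared CDE."""
    findings = []
    for loc, content in locations.items():
        host = loc.split(":", 1)[0]
        for pan in find_pans(content):
            findings.append(Finding(loc, mask(pan), host in cde_hosts))
    return findings


def scope_report(findings: list) -> dict:
    """Steps 3 and 4: data found outside the CDE is in scope until deleted or
    migrated; the returned record is what the entity retains for the assessor."""
    inside = sum(1 for f in findings if f.in_cde)
    outside = sorted({f.location for f in findings if not f.in_cde})
    return {
        "pans_found": len(findings),
        "inside_cde": inside,
        "outside_cde": len(findings) - inside,
        "locations_now_in_scope": outside,
    }


# Constructed sample data (assumed hostnames and paths; the PANs are the
# standard 4111... and 5500... test values, the 13-digit run fails Luhn).
SAMPLE_LOCATIONS = {
    "pos-db-01:/var/lib/pos/orders.csv":
        "order_id,pan,amount\n1001,5500000000000004,19.99\n1002,4111-1111-1111-1111,5.00\n",
    "crm-app-07:/var/log/app/debug.log":
        "2011-01-05 INFO order 8812 card=4111 1111 1111 1111 auth=ok\n",
    "build-server:/srv/ci/test_fixtures.txt":
        "ticket 1234567890123 fails Luhn and is not a card number\n",
}
DECLARED_CDE = {"pos-db-01"}


if __name__ == "__main__":
    report = scope_report(reconcile(SAMPLE_LOCATIONS, DECLARED_CDE))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Running it shows the point of the scoping text: the POS database was already in the declared CDE, but the application debug log on `crm-app-07` was not, and under the third step that host is now part of the assessment until the logged PANs are removed and the logging fixed. Only masked PANs reach the report, so the scope documentation itself does not become a new cardholder-data location.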