Frustrated, I asked the participants at my last meeting, “If not the PCI standards, then what standard do you want to follow to ensure the security of cardholder data?” Roaring silence.
Visa has excluded U.S. businesses from a worldwide program that encourages merchants to deploy more secure payment terminals, because of what it claims is the uncertainty surrounding new debit card rules.
The PCI Security Standards Council (PCI SSC), which oversees the PCI (Payment Card Industry) Data Security Standard that card-accepting retailers must follow, today announced that nominations for election to the 2011-2013 PCI SSC board of advisors are now being accepted
What’s interesting is that the criminals are now using cryptographic technology to protect the card information they steal, and that’s posing challenges for detection and law enforcement
Amazon Web Services LLC AWS, a subsidiary of Amazon.com recently announced it has achieved Level 1 compliance with the Payment Card Industry PCI Data Security Standard DSS. Merchants and other service providers can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. Customers can use AWS cloud infrastructure
The most stressful season of the year is upon us. Yep, Christmas time, the season of joy, goodwill, and happiness. Ironically though, many people find the festive season a financially stressful time. More people these days are buying gifts online, to beat the high prices at the local stores wavering from the economic downturn.
A Malaysian man was indicted Thursday on charges he hacked into the networks of a number of financial institutions, including the Federal Reserve Bank of Cleveland, and amassed some 400,000 stolen credit and debit card numbers, according to federal prosecutors.
HyTrust, Cisco, VMware, Savvis and Coalfire Outline Configuration Guidelines to Meet the New Requirements Following Publication of New Payment Card Industry Data Security Standard
PCI is further redefining what a hardware terminal is: It’s supposed to take payments outside of the PCI card data environment so you don’t have to do any monitoring of them,” he says. “But we’ve seen outbreaks of tampering [of devices] to capture cardholder data … they are changing the definition, which could bring a lot of intelligent terminals collecting payments brought into [PCI]
According to the recently published PCI DSS 2.0:
“The first step of a PCI DSS assessment is to accurately determine the scope of the review. At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope. To confirm the accuracy and appropriateness of PCI DSS scope, perform the following:
The assessed entity identifies and documents the existence of all cardholder data in their environment, to verify that no cardholder data exists outside of the currently defined cardholder data environment (CDE).
Once all locations of cardholder data are identified and documented, the entity uses the results to verify that PCI DSS scope is appropriate (for example, the results may be a diagram or an inventory of cardholder data locations).
The entity considers any cardholder data found to be in scope of the PCI DSS assessment and part of the CDE unless such data is deleted or migrated/consolidated into the currently defined CDE.
The entity retains documentation that shows how PCI DSS scope was confirmed and the results, for assessor review and/or for reference during the next annual PCI SCC scope confirmation activity.”