The key revisions cover areas such as log management and scoping the environment to understand where cardholders reside. There were also revisions meant to enable organizations to develop a risk-based assessment approach based on their specific business circumstances as well as changes designed to appeal to small merchants to simplify their compliance efforts.
The first thing readers will notice when they open PCI Version 2.0 is an expanded section defining PCI scope. Version 2 requires merchants and processors to identify explicitly all the locations and flows of cardholder data annually before they begin their assessment. The specific instructions are to make sure that no data has leaked outside your defined cardholder data environment and, if you find any, that you either eliminate the data or include it in your assessment.
This article is the first in a short series designed to help small businesses understand the regulations around securing credit card transactions, specifically the PCI DSS (Payment Card Industry’s Data Security Standard) requirements.
The Payment Card Industry’s Security Standards Council may be doing a good job helping lock down larger retailers, but the smaller “Mom and Pop” merchants are becoming the new targets of cyber criminals, says a PCI expert.
Merchants are most likely to remain compliant with the Payment Card Industry Data Security Standards and avoid data breaches if they adopt security as a “lifestyle,” according to a study released earlier this week by Verizon Business. Verizon Business provides audits and other PCI-related services.
In a new document, “Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance” (PDF), the standards group offers guidance on what organizations should look for when acquiring and purchasing encryption technology to protect credit cardholder data as it is authorized and transported into a database.
Small business ecommerce site owners cannot afford to slack off when it comes to the Payment Card Industry Data Security Standard (PCI DSS). Its strict security requirements make being PCI compliant challenging for small retailers, but PCI DSS is a standard that all organizations must follow when storing, processing and transmitting its customer’s credit card data.
One of the easiest ways to be PCI-compliant is to outsource payment processing and work with a payment provider who has the experience, systems and security in place that meets the PCI DSS standard. By outsourcing PCI compliance you basically remove the PCI burden from your small business to a trusted provider.
Beginning Sept. 30, Visa will require merchants and related businesses to conduct wireless security scans to prove compliance with version 1.2 of the PCI Data Security Standard (PCI DSS) which is designed to safeguard cardholder data from wireless threats.
The payment system at a number of properties of HEI Hospitality – the hospitality operator that runs over 30 upscale hotels across the U.S. under brand names as Marriott, Hilton, Sheraton and others – has been breached and card data of some 3,400 customers has been compromised, says Databreaches.net.
|130,000,000||2009-01-20||Heartland Payment Systems, Tower Federal Credit Union, Beverly National Bank|
|94,000,000||2007-01-17||TJX Companies Inc.|
|90,000,000||1984-06-01||TRW, Sears Roebuck|
|76,000,000||2009-10-05||National Archives and Records Administration|
|40,000,000||2005-06-19||CardSystems, Visa, MasterCard, American Express|
|26,500,000||2006-05-22||U.S. Department of Veterans Affairs|
|25,000,000||2007-11-20||HM Revenue and Customs, TNT|
|17,000,000||2008-10-06||T-Mobile, Deutsche Telekom|
|16,000,000||1986-11-01||Canada Revenue Agency|
|12,500,000||2008-03-26||LaSalle Bank, BNY Mellon Shareowner Services, Archive Systems Inc, The Walt Disney Company, SYNOVUS|