Tag Archives: card

#PCI Compliance Changes Promote Log Management – Security from eWeek

The key revisions cover areas such as log management and scoping the environment to understand where cardholders reside. There were also revisions meant to enable organizations to develop a risk-based assessment approach based on their specific business circumstances as well as changes designed to appeal to small merchants to simplify their compliance efforts.

via PCI Compliance Changes Promote Log Management – Security from eWeek.

#PCI 2.0 Changes: The Good, The Bad And The Hashing

The first thing readers will notice when they open PCI Version 2.0 is an expanded section defining PCI scope. Version 2 requires merchants and processors to identify explicitly all the locations and flows of cardholder data annually before they begin their assessment. The specific instructions are to make sure that no data has leaked outside your defined cardholder data environment and, if you find any, that you either eliminate the data or include it in your assessment.

via StorefrontBacktalk » Blog Archive » PCI 2.0 Changes: The Good, The Bad And The Hashing.

An SMB Guide to Credit Card Regulations #PCI

This article is the first in a short series designed to help small businesses understand the regulations around securing credit card transactions, specifically the PCI DSS (Payment Card Industry’s Data Security Standard) requirements.

via An SMB Guide to Credit Card Regulations: Part I- PCI DSS Q&A – Security Views – Dark Reading.

PCI Compliance Should Be a ‘LifeStyle’

Merchants are most likely to remain compliant with the Payment Card Industry Data Security Standards and avoid data breaches if they adopt security as a “lifestyle,” according to a study released earlier this week by Verizon Business. Verizon Business provides audits and other PCI-related services.

via News.

PCI Council Offers Guidance On Point-To-Point Encryption – compliance/Security – DarkReading

In a new document, “Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance” (PDF), the standards group offers guidance on what organizations should look for when acquiring and purchasing encryption technology to protect credit cardholder data as it is authorized and transported into a database.

via PCI Council Offers Guidance On Point-To-Point Encryption – compliance/Security – DarkReading.

Will #PCI Outsourcing Kill Conversion Rates?

Small business ecommerce site owners cannot afford to slack off when it comes to the Payment Card Industry Data Security Standard (PCI DSS). Its strict security requirements make being PCI compliant challenging for small retailers, but PCI DSS is a standard that all organizations must follow when storing, processing and transmitting its customer’s credit card data.

One of the easiest ways to be PCI-compliant is to outsource payment processing and work with a payment provider who has the experience, systems and security in place that meets the PCI DSS standard. By outsourcing PCI compliance you basically remove the PCI burden from your small business to a trusted provider.

via Will PCI Outsourcing Kill Conversion Rates? — eCommerce-Guide.com.

Hotel systems breached and card info stolen all over the U.S.

The payment system at a number of properties of HEI Hospitality – the hospitality operator that runs over 30 upscale hotels across the U.S. under brand names as Marriott, Hilton, Sheraton and others – has been breached and card data of some 3,400 customers has been compromised, says Databreaches.net.

via Hotel systems breached and card info stolen all over the U.S..

Roundup of largest data breaches / incidents

records date organizations
130,000,000 2009-01-20 Heartland Payment Systems, Tower Federal Credit Union, Beverly National Bank
94,000,000 2007-01-17 TJX Companies Inc.
90,000,000 1984-06-01 TRW, Sears Roebuck
76,000,000 2009-10-05 National Archives and Records Administration
40,000,000 2005-06-19 CardSystems, Visa, MasterCard, American Express
26,500,000 2006-05-22 U.S. Department of Veterans Affairs
25,000,000 2007-11-20 HM Revenue and Customs, TNT
17,000,000 2008-10-06 T-Mobile, Deutsche Telekom
16,000,000 1986-11-01 Canada Revenue Agency
12,500,000 2008-03-26 LaSalle Bank, BNY Mellon Shareowner Services, Archive Systems Inc, The Walt Disney Company, SYNOVUS