Visa today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS).
It’s going to be called the Payment Card Industry Data Security Standard 2.0, and the full-blown text of this upcoming standard that governs how businesses must guard sensitive cardholder information on their networks will be out at the beginning of September, according to the organization in charge of it.
Health Net of the Northeast will pay $250,000 in fines to Connecticut as part of a settlement regarding a lost or stolen hard-drive that contained medical records and personal information of 1.5 million people, including 446,000 in Connecticut.
Merchants have gained some welcome breathing room for complying with PCI: The PCI Standards Council today announced its standards cycle will move from a two- to three-year cycle.The extra year between new versions of the PCI DSS, PA-DSS, and PCI DTS standards came in response to complaints from merchants and others in the secure payment industry that the current schedule of releasing new requirements every two years was too tight.
With every company reliant on software to run its business, an alarming rise in data breach incidents across industries, but especially credit card processing, means application security is becoming an increasingly critical part of any organisation’s overall IT security strategy. For organisations that store, transmit or process credit card information, it is vital as they must be able to demonstrate compliance with the Payment Card Industry Data Security Standards (PCI DSS).
With evidence mounting of flagrant abuses of PCI-DSS security standards, two attorneys are on the verge of announcing the official filing of a national lawsuit against one of the hospitality industry’s biggest point-of-sale (POS) technology providers and one of its system resellers. The targets of the upcoming legal action will be Restaurant Data Concepts, Inc. of Warwick, Rhode Island – creators of the POSitouch™ system – and CC Productions of Hoboken, New Jersey, the reseller. POSitouch technology is installed in more than 20,000 restaurants nationwide.
The health care industry can soon expect a greater emphasis on enforcing the HIPAA security rule than in years past.
That’s the message that Susan McAndrew, deputy director for privacy at the Department of Health and Human Services’ Office for Civil Rights, delivered May 11 at the Safeguarding Health Information conference in Washington. OCR sponsored the conference with the National Institute of Standards and Technology.
The organization responsible for administering the Payment Card Industry Data Security Standard (PCI DSS) has launched a new program to help enterprises conduct self-assessments of their compliance with the standard.
The security council will train and certify IT security staff to conduct PCI compliance assessments on behalf of their companies.
The clock is ticking! June 30, 2010 is the deadline for companies required to comply with the Payment Card Industry Data Security Standard (PCI DSS) to eliminate any use of Wired Equivalent Privacy (WEP) on their networks. This outdated standard uses insecure cryptography and hackers have clearly demonstrated the ability to penetrate WEP networks in a matter of seconds. With the release of PCI DSS 1.2 in late 2008, the PCI Security Standards Council set forth three new requirements for organizations using wireless networks:
* Use strong encryption and authentication for all wireless networks.
* Do not deploy any new WEP networks.
* Decommission any existing WEP networks by June 30, 2010.
Cloud computing lacks standards about data handling and security practices, and even whether a vendor has an obligation to tell users whether their data is in the U.S. or not. And the industry is only beginning to sort out these issues through groups, such as the year-old Cloud Security Alliance.