3-D Secure (3DS) – Verified by Visa insecure
Security researchers in the UK say that the 3-D Secure (3DS) system for credit card authorization, a protocol that was “developed by Visa to improve the security of Internet payments,” has significant security weaknesses. It is used by both of the ginormous card brands, known as “Verified by Visa” and “MasterCard SecureCode.” via The Forrester Blog [...]
PCI DSS Names New Chair
On Jan 25th, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been [...]
MasterCard: December PCI Deadline Change Not For Holiday Conflict
MasterCard’s decision to reverse itself on its end of year 2010 deadline for new Level 2 PCI requirements was not based on retail complaints or on avoiding the hectic holiday period for merchants, according to a key MasterCard manager heading up the effort. Instead, the change was based on giving retailers more time to work [...]
MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline
The first MasterCard change made this month was pushing the Dec. 31, 2010, deadline back six months, to June 30, 2011. But MasterCard has also made two other key PCI changes. It has redefined what Level a retailer is (Level 1, 2, 3 or 4) to explicitly mirror whatever level Visa has determined. (The language [...]
PCI Human Train Wreck Coming Next Year For Level 2s
Many Level 2 merchants are just now realizing that their PCI world has changed. Under rules announced this summer, Level 2 MasterCard merchants—like their Level 1 brethren—will require an onsite assessment by a QSA starting in 2010. via StorefrontBacktalk.
MasterCard Vs. Visa: Dueling Compliance Philosophies
People don’t seem to “get” MasterCard. For most of the last 4 years, MasterCard has been criticized for their apparent willingness to let Visa play the “bad guy” who issues fines to acquiring banks (and, through them, to merchants), who extends the PCI standards to application vendors (through PABP, now PA-DSS) and who generally takes [...]
MasterCard Becomes The First Card Brand To Publish PCI Fines
“The noncompliance assessment structure now contains escalating assessments per violation within a calendar year,” said the document sent to members earlier this summer. “Maximum assessments for initial noncompliance for Level 2 and Level 3 merchants have increased to $25,000 and $10,000, respectively. Furthermore, the $500,000 annual aggregate maximum for acquirer noncompliance assessments related to program [...]
MasterCard seeks to clarify remote POS security upgrades policy #PCI
MasterCard today clarified a June 15 bulletin about the use of remote key injection (RKI) services for upgrading encryption protocols on merchants’ point of sale (POS) terminals, saying it was not an edict.
MasterCard halts remote POS security upgrades #PCI
In a purported second major security change in recent weeks, MasterCard has decided to disallow merchants’ use of remote key injection (RKI) services to install new encryption keys on point-of-sale (POS) systems, says a Gartner analyst.
Making PCI Stand For Coordination & Impact : Daniel Wallace
Onsite PCI assessments are not cheap. First make certain that you have to comply with the onsite assessment requirement. Although all of the major card brands are partners in PCI-DSS, the number of transactions is counted by individual card brand. For example, a merchant that processes 2 million credit card transactions will not necessarily be [...]




