Visa Provides Guidance on Secure Implementation and Management of Payment Applications — SAN FRANCISCO, Aug. 24 /PRNewswire/ –
Visa today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS). via Visa Provides [...]
Revisions to credit card security standard on the way
It’s going to be called the Payment Card Industry Data Security Standard 2.0, and the full-blown text of this upcoming standard that governs how businesses must guard sensitive cardholder information on their networks will be out at the beginning of September, according to the organization in charge of it. via Revisions to credit card security [...]
Do You Have What It Takes To Pass Your Payment Card Industry Audit? #PCI
With every company reliant on software to run its business, an alarming rise in data breach incidents across industries, but especially credit card processing, means application security is becoming an increasingly critical part of any organisation’s overall IT security strategy. For organisations that store, transmit or process credit card information, it is vital as they [...]
PCI council launches certification program for IT staff
The organization responsible for administering the Payment Card Industry Data Security Standard (PCI DSS) has launched a new program to help enterprises conduct self-assessments of their compliance with the standard. The security council will train and certify IT security staff to conduct PCI compliance assessments on behalf of their companies. via PCI council launches certification [...]
Deadline to disable WEP for PCI DSS compliance
The clock is ticking! June 30, 2010 is the deadline for companies required to comply with the Payment Card Industry Data Security Standard (PCI DSS) to eliminate any use of Wired Equivalent Privacy (WEP) on their networks. This outdated standard uses insecure cryptography and hackers have clearly demonstrated the ability to penetrate WEP networks in [...]
New Law Lets Banks Recover Data Breach Costs – www.esecurityplanet.com
Washington last week became the third state to pass legislation that will allow banks to recover certain costs and damages from retailers and credit card processors that suffer data breaches after failing to comply with current Payment Card Industry (PCI) standards. The law, which goes into effect on July 1 in Washington, follows similar laws [...]
Up to 90% of UK companies may not comply with PCI security standards – Data control & Intellectual Property – ComputerworldUK
New research shows that 89 percent of UK companies are not compliant with the Payment Card Industry Data Security Standards. via Up to 90% of UK companies may not comply with PCI security standards – Data control & Intellectual Property – ComputerworldUK.
Average annual cost of PCI compliance audit? $225k
Merchants that undergo network audits to ensure compliance with the Payment Card Industry Data Security Standards are paying an average of $225,000 each year — and 10% of these businesses are paying $500,000 or more annually, according to a new study. In spite of that, 2% of them fail these audits. via Average annual cost [...]
How to Implement Secure, PCI-Compliant Access Controls – Security from eWeek
For instance, Section 7 of the Payment Card Industry Data Security Standard (PCI DSS) requires that access to cardholder data is restricted by business “need-to-know.” This means that access rights are granted to only the least amount of data and privileges needed to perform a job. Section 7.1 of the PCI DSS limits access [...]
PCI Security Standards Council readying new payment-card security standard
The Payment Card Industry data security standards, which influence design of networks where sensitive payment-card account data is stored, are expected to be further revised by the PCI Security Standards Council over the next few months. Bob Russo, general manager of the PCI Security Standards Council, says that by early summer the organization expects to [...]




