The organization responsible for administering the Payment Card Industry Data Security Standard (PCI DSS) has launched a new program to help enterprises conduct self-assessments of their compliance with the standard.
The security council will train and certify IT security staff to conduct PCI compliance assessments on behalf of their companies.
via PCI council launches certification program for IT staff – Computerworld.
The clock is ticking! June 30, 2010 is the deadline for companies required to comply with the Payment Card Industry Data Security Standard (PCI DSS) to eliminate any use of Wired Equivalent Privacy (WEP) on their networks. This outdated standard uses insecure cryptography and hackers have clearly demonstrated the ability to penetrate WEP networks in a matter of seconds. With the release of PCI DSS 1.2 in late 2008, the PCI Security Standards Council set forth three new requirements for organizations using wireless networks:
* Use strong encryption and authentication for all wireless networks.
* Do not deploy any new WEP networks.
* Decommission any existing WEP networks by June 30, 2010.
via How to change from WEP to WPA for PCI DSS compliance.
Washington last week became the third state to pass legislation that will allow banks to recover certain costs and damages from retailers and credit card processors that suffer data breaches after failing to comply with current Payment Card Industry (PCI) standards.
The law, which goes into effect on July 1 in Washington, follows similar laws passed in the states of Minnesota and Nevada and marks a fundamental change in the way government and private sector industries assign responsibility and accountability for preventing identity theft.
via New Law Lets Banks Recover Data Breach Costs – www.esecurityplanet.com.
New research shows that 89 percent of UK companies are not compliant with the Payment Card Industry Data Security Standards.
via Up to 90% of UK companies may not comply with PCI security standards – Data control & Intellectual Property – ComputerworldUK.
Merchants that undergo network audits to ensure compliance with the Payment Card Industry Data Security Standards are paying an average of $225,000 each year — and 10% of these businesses are paying $500,000 or more annually, according to a new study. In spite of that, 2% of them fail these audits.
via Average annual cost of PCI compliance audit? $225k.
For instance, Section 7 of the Payment Card Industry Data Security Standard (PCI DSS) requires that access to cardholder data be restricted by business “need-to-know.” This means that access rights are granted to only the minimum data and privileges needed to perform a job. Section 7.1 of the PCI DSS limits access to system components and cardholder data to only those individuals whose job requires such access.
via How to Implement Secure, PCI-Compliant Access Controls – Security from eWeek.
The Payment Card Industry data security standards, which influence design of networks where sensitive payment-card account data is stored, are expected to be further revised by the PCI Security Standards Council over the next few months.
Bob Russo, general manager of the PCI Security Standards Council, says that by early summer the organization expects to be able to issue a summary for a new PCI standard, which would go into effect in about October.
via PCI Security Standards Council readying new payment-card security standard.
PCI Security Standards Council general manager Bob Russo said the next revision of the Payment Card Industry Data Security Standard (PCI DSS), due in October, will contain clarifications but no major changes to the standard.
via No major PCI DSS revision expected in 2010.
The Payment Card Industry Security Standards Council (PCI SSC), under pressure from merchants to improve the training of its certified Qualified Security Assessors (QSA), has detailed plans to beef up its PCI QSA certification review process, adding much needed staff and funding to improve oversight of the individuals who conduct PCI Data Security Standard (DSS) compliance assessments.
via PCI QSAs, certifications to get new scrutiny.
On Jan 25th, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been appointed as the new chairperson of the PCI Security Standards Council. Rutherford will steer the Council as it works with industry stakeholders to create and release new standards in 2010.
via PCI DSS Names New Chair – DarkReading.