Visa Raises The Bar For PA-DSS Applications And Vendors
For example, using a PA-DSS validated application by itself does not make you PCI compliant. Rather, you still need to implement the application according to the vendor’s implementation guide (which is sometimes an issue when resellers are involved), and you have to implement it in a PCI-compliant environment. via StorefrontBacktalk » Blog Archive » Visa [...]
More On PCI DSS 2.0 « #PCI
The biggest news out of this presentation is that requirement 6.5 will now apply to all in-scope applications, not just Internet-facing or browser-based applications. Based on all of the breach research that has been conducted, they have finally realized that any application in the cardholder data environment (CDE) is a potential hazard, not just those [...]
Visa Provides Guidance on Secure Implementation and Management of Payment Applications — SAN FRANCISCO, Aug. 24 /PRNewswire/ –
Visa today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS). via Visa Provides [...]
PCI Update Gets Mixed Reviews
There’s one section in the standard that is more important than any other, says Tom Wills, security and fraud senior analyst at Javelin Strategy and Research. Requirement 6.2 – “apply a risk-based approach for addressing vulnerabilities” – needs to become the over-arching requirement in the entire standard, he says. “This would mean all security controls [...]
Changes to PCI Data Security Standard leave questions unanswered
“But what is glaringly lacking is progress on the hard and most important issues, including the implications of adopting alternative technologies” on PCI compliance requirements, she said. According to Litan, many Gartner clients are trying to understand whether their adoption of new technologies such as chip cards, tokenization and end-to-end encryption will limit the scope [...]
PCI DSS and PA-DSS 2.0 Are Here – Almost
Well the long wait is beginning to end as the PCI SSC let us see some more information on the new PCI DSS and PA-DSS. On August 12, the PCI SSC drew back the curtain on PCI DSS 2.0 and PA-DSS 2.0 by issuing a Summary of Changes document. via PCI DSS and PA-DSS 2.0 [...]
PCI DSS 2.0 – Emphasis on Card Data Discovery (CDD)
“They’ll say, ‘we found data on the most obscure parts of our network, we had no idea it was there,’” Russo says. “We need some methodology to find cardholder data.” Recommendations for that will include data-loss prevention technologies or discovery tools to find cardholder data, Russo says. via Revisions to credit card security standard on [...]
I Wonder If My Card Issuer Has A ROC?
The question is, because issuers demand retailers and service providers be PCI compliant, should they not practice the same discipline, go through the same process and lead the way by complying with the same guidelines to protect cardholder data? Let’s look at each of the three reasons I think issuers should want to ensure they [...]
QSA’s View on PCI Compliance for Mail Orders
Many orders still flow through this payment channel and, as is the case with all cardholder data, it must be secured, handled in compliance with the PCI DSS via QSA’s View on PCI Compliance for Mail Orders.
13 essential steps to integrating control frameworks – CSO Online
# The organization must understand which frameworks or framework elements are needed to address, at a minimum, the critical security concerns. When addressing control requirements, more is not necessarily better, and each additional control entity represents an investment in time, money, and effort. # Choose a base framework to use. An organization should identify a [...]
