Tag Archives: PCI

uPromise and FTC

The FTC alleged that after the personalized offers feature was enabled, extensive information was collected from the user and transmitted to Upromise, including the names of all websites visited, all links clicked by the user and information that users entered into certain web pages, such as usernames, passwords, search terms, credit card information, expiration dates, security codes and social security numbers. The FTC alleged that there was no way a user would be able to detect the extent of the data being collected by the Upromise software without special software and technical expertise.

via Privacy & Security Matters | Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney.

Study sees 8 percent rise in unencrypted payment card data

A study published today by merchant data security leader SecurityMetrics shows 71 percent of merchants who entered the study were found to store unencrypted payment card data in 2011, which is an increase of 8 percent since 2010.

via Study sees 8 percent rise in unencrypted payment card data | TechJournal South.

2011 PCI Community Meetings Break Record for Number of Attendees #pcicm

Marking the PCI Council’s 5th year in existence, close to 1600 stakeholders representing 650 organizations globally attended the 2011 meetings, compared with 323 at the Council’s first gathering in 2007.

via 2011 PCI Community Meetings Break Record for Number of Attendees – MarketWatch.

This Year’s PCI SSC SIG Proposals

At the Special Interest Group (SIG) session at this year’s PCI Community Meeting, a number of presentations were made regarding the potential PCI SIG topics that will be addressed in the coming year.

via This Year’s PCI SSC SIG Proposals « PCI Guru.

PCI Expands Encryption Standards to Mobile Payment Card Readers

There are already hundreds of devices, such as the Square that clips on to a mobile phone, to enable remote mobile acceptance of credit cards, says Bob Russo, general manager, PCI Security Standards Council.

via PCI Expands Encryption Standards to Mobile Payment Card Readers | Retail News | RIS News: Business/Technology Insights for Retail, Supermarket Executives.

Going cheap: stolen credit cards

Security specialists Imperva has reported that it’s found stolen cards for as little as $2 for a Visa card, climbing up to $6 for a Discovery card. The particular site selling these details is not, I would argue, at the cheap end of the market.

via Going cheap: stolen credit cards | DaniWeb.

The (EMV/Contactless) World According To Visa « PCI Guru

The PCI SSC stated that while Visa is not requiring merchants to file a ROC or AOC, the merchant still has to ensure that it is PCI DSS compliant. This means that the merchant still must go through the PCI compliance assessment process of a ROC or respective SAQ to ensure that their controls are functioning properly.

via The (EMV/Contactless) World According To Visa « PCI Guru.

PCI point-to-point encryption guidelines raise new questions

The PCI Security Standards Council today is expected to issue guidelines on use of point-to-point encryption in protecting sensitive payment card data, but the narrow approach — which is focused on hardware — is raising questions.

via PCI point-to-point encryption guidelines raise new questions.

Q&A: Teresa Carlson of Amazon Web Services Discusses GovCloud | WHIR Web Hosting Industry News

The new AWS GovCloud Region offers the same high level of security as other AWS Regions and supports existing AWS security controls and certifications such as FISMA, SAS-70 Type II, ISO 27001, FIPS 140-2 compliant end points, and PCI DSS Level 1.

via Q&A: Teresa Carlson of Amazon Web Services Discusses GovCloud | WHIR Web Hosting Industry News.

Kicked Out Of “The Club” #PCI

A Qualified Security Assessor Company (QSAC) has finally had their status revoked by the PCI SSC. In a little noticed release dated August 4, 2011, the PCI SSC announced through an FAQ that as of August 3, 2011, Chief Security Officers (CSO) of Scottsdale, Arizona is no longer a QSAC.

via Kicked Out Of “The Club” « PCI Guru.