Tag Archives: PCI

The (EMV/Contactless) World According To Visa « PCI Guru

The PCI SSC stated that while Visa is not requiring merchants to file a ROC or AOC, the merchant still has to ensure that it is PCI DSS compliant.  This means that the merchant still must go through the PCI compliance assessment process of a ROC or respective SAQ to ensure that their controls are functioning properly.

via The (EMV/Contactless) World According To Visa « PCI Guru.

PCI point-to-point encryption guidelines raise new questions

The PCI Security Standards Council today is expected to issue guidelines on use of point-to-point encryption in protecting sensitive payment card data, but the narrow approach — which is focused on hardware — is raising questions.

via PCI point-to-point encryption guidelines raise new questions.

Q&A: Teresa Carlson of Amazon Web Services Discusses GovCloud | WHIR Web Hosting Industry News

The new AWS GovCloud Region offers the same high level of security as other AWS Regions and supports existing AWS security controls and certifications such as FISMA, SAS-70 Type II, ISO 27001, FIPS 140-2 compliant end points, and PCI DSS Level 1

via Q&A: Teresa Carlson of Amazon Web Services Discusses GovCloud | WHIR Web Hosting Industry News.

Kicked Out Of “The Club” #PCI

A Qualified Security Assessor Company (QSAC) has finally had their status revoked by the PCI SSC.  In a little noticed release dated August 4, 2011, the PCI SSC announced through an FAQ that as of August 3, 2011, Chief Security Officers (CSO) of Scottsdale, Arizona is no longer a QSAC.

via Kicked Out Of “The Club” « PCI Guru.

#PCI group outlines technology to conceal sensitive account information

The Payment Card Industry Security Standards Council today published guidelines aimed at helping merchants and others processing payment cards make effective use of what’s known as “tokenization” technologies to conceal sensitive account information.

via PCI group outlines technology to conceal sensitive account information.

Free tool to find Credit Card numbers for #PCI Compliance

ControlCase Data Discovery enables large and small businesses and organizations to find credit and debit card information that could be stored in their systems in violation of the Payment Card Industry (PCI) Data Security Standard (DSS). Finding credit card data is one of the key and initial steps needed for compliance

via ControlCase Data Discovery » Downloads.

PCI Council says mobile payment apps can meet security standard

The PCI Security Standards Council Friday released its long-awaited guidance on how mobile payment acceptance applications can meet PCI standards.

The council today listed the types of mobile applications now measured by the security standards, and which types require further review.

via PCI Council says mobile payment apps can meet security standard.

PCI SSC Nixes PA-DSS Certification For Mobile Payments Applications – For A While

Until such time that it has completed a comprehensive examination of the mobile communications device and mobile payment application landscape, the Council will not approve or list mobile payment applications used by merchants to accept and process payment for goods and services as validated PA-DSS applications unless all requirements can be satisfied as stated

via PCI SSC Nixes PA-DSS Certification For Mobile Payments Applications – For A While « PCI Guru.

PCI SSC Releases Virtualization Guidelines #PCI

On Tuesday, June 14, 2011, the PCI SSC released an Information Supplement regarding Virtualization Guidelines.  Not only does this Information Supplement cover virtualization from a VMware and Hyper-V perspective, but also goes into cloud computing.

via PCI SSC Releases Virtualization Guidelines « PCI Guru.

Small merchants make up lion’s share of credit card breaches

Smaller merchants tend to rely on their acquirer or independent sales organization (ISO) to initiate PCI DSS compliance validation. Without directive or enforcement of such initiatives, many will forgo basic steps to protect their networks and their customers’ cardholder data because they feel they do not have the time or the proper resources, or they’re just not aware of the requirement, the survey found.

via Infosecurity (USA) – Small merchants make up lion’s share of credit card breaches.