Archive for March, 2011
Comparison Of Cost Of Ownership Between In-House And Managed Pay
Posted by brianfpennington in PCI DSS Compliance on 31/03/2011
Interesting article comparing two payment methods a Merchant could choose. It is written by a managed Payments Provider but tries to deliver the assumptions and figures as accurately as it can. “The objective of this study is to compare an in-house supported credit/debit card EMV (Europay, MasterCard and Visa) Chip & PIN and PCI-DSS (Payment Card Industry Data Security Standard) […]
How to Choose a QSA – SANS
Posted by brianfpennington in PCI DSS Compliance on 22/03/2011
The Quality Security Assessor (QSA) a Merchant chooses will dramatically affect how the Merchant achieves compliance. In simple terms, the right advice and guidance saves time and money whilst reducing risk and achieving compliance. The wrong advice or guidance could prove extremely costly. SANS: “The independent white paper in this security KnowledgeVault is just one of […]
CyberSource Brings World’s Largest Fraud Detection Radar to Online Merchants
Posted by brianfpennington in PCI DSS Compliance on 21/03/2011
CyberSource, a Visa company (NYSE: V), today announced availability of the world’s largest real-time fraud detection radar, empowering online merchants to pinpoint fraud faster, more accurately, and with less manual intervention. This advance enables merchants to conduct more accurate analyses of their inbound orders, including comparison of those orders to the over 60 billion transactions […]
PCI Council Releases Guidance for Protecting Telephone Based Payment Card Data
Posted by brianfpennington in Uncategorized on 18/03/2011
The PCI Council today released a 12-page Information Supplement that is an essential read for anyone who takes credit card payments over the phone. The supplement is titled “Protecting Telephone based Payment Card Data”. Download the pdf here.
Benefits of PCI Compliance – direct and indirect
Posted by brianfpennington in PCI DSS Compliance on 14/03/2011
Many Merchants see the Payment Card Industry’s Data Security Standard (PCI DSS) as an expense they could do without. The counter argument is that most businesses would struggle if nothing was done to tackle Credit Card Fraud, because the Credit Card companies would need to charge Merchants a higher transaction rate to cover their losses. So, […]
Cloud Computing Risk Assessment from ENISA
Posted by brianfpennington in brian pennington on 13/03/2011
In November 2009 the European Network and Information Security Agency (ENISA) published a document titled “Cloud Computing Risk Assessment”, the “Benefits, risks and recommendations for information security”. The document may be 15 months old but it is an excellent starting point for any organisation looking to invest in the CLOUD. The official ENISA wording is below. ENISA, […]
Botnets: 10 Tough Questions downloadable research
Posted by brianfpennington in Uncategorized on 11/03/2011
As part of the project “Botnets: Detection, Measurement, Mitigation & Defence” a series of questions was discussed by internationally renowned experts in the field of botnets between September and November 2010. This document presents a selection of the most interesting results. The document distills the major issues which need to be understood and addressed by decision-makers in all […]
PCI SSC Board of Advisors 2011 elections are now open
Posted by brianfpennington in PCI DSS Compliance on 09/03/2011
The PCI SSC Board of Advisors elections for 2011 to 2013 are now open. All Participating PCI SSC organisations can vote. Votes close 08 April 2011. The votes will decide the composition of the Board of Advisors for the next 2 years. A complete list of the candidates is below: Financial Institution – 3 votes Australia […]
Fraud losses drop on UK cards, cheques and online banking
Posted by brianfpennington in PCI DSS Compliance on 09/03/2011
The UK Card Association reports that fraud losses over 2010 in the UK on cards, cheques and online banking have dropped against 2009 figures. Total fraud losses on UK cards fell to £365.4 million in 2010 – a 17 per cent reduction compared with losses in 2009. This is the lowest annual total since 2000 and […]
77% of Hospitality Sector Mistakenly Believe They Are PCI Compliant
Posted by brianfpennington in PCI DSS Compliance on 07/03/2011
Orthus Limited, on the 7th March 2011, released the results of a survey of 1000 Level 4 Merchants in the United Kingdom hospitality sector, conducted to verify their PCI DSS compliance status. The survey indicates 77% of 1000 Level 4 Merchants believed they were compliant with PCI DSS when in fact they were not compliant: The rest […]
Where do security breaches occur? What type of data is stolen and who makes the discovery?
Posted by brianfpennington in PCI DSS Compliance on 02/03/2011
Trustwave has published its Global Security Report 2011 and it has some very interesting research. The research is from incidents investigated by the company. Specifically, of a total of 220 investigations undertaken against suspected breaches, 85% were confirmed, with 90% resulting in data theft. The headline statistics are: Industry breakdown of where the incident happened: Food and beverage 57%, Retail 18% […]