Archive for category PCI DSS Compliance
PCI Security Standards Council announces new board of advisors
Posted by brianfpennington in PCI DSS Compliance on 16/05/2013
The PCI Security Standards Council (PCI SSC) has announced the election results for the 2013-2015 PCI SSC Board of Advisors. The Board represents the PCI community by providing counsel to SSC leadership. The Council's more than 690 Participating Organizations selected individuals from the following organizations to represent their industry's unique perspectives in the development of the PCI Standards […]
PCI Security Standards Council publishes card production security requirements
Posted by brianfpennington in PCI DSS Compliance on 09/05/2013
The PCI Security Standards Council (PCI SSC) has announced the publication of a standard for secure payment card production. The standard consists of two sets of requirements: the PCI Card Production Physical Security Requirements and the PCI Card Production Logical Security Requirements. Together, these documents provide card vendors with a comprehensive source of information describing the security requirements […]
Sometimes it is a good idea to have in-house skills
Posted by brianfpennington in PCI DSS Compliance on 20/03/2013
After many discussions with people responsible for achieving and maintaining PCI DSS compliance within their organisation, and hearing about their problems and pains, I often think about the skills they need and where they can get them. They could recruit, outsource or train, with training being the most cost-effective. I noticed on the PCI […]
Merchant sues VISA. Biting the hand that feeds you?
Posted by brianfpennington in PCI DSS Compliance on 18/03/2013
I know that if there were no merchants there would be no credit card companies and I know that the “alternative” payments market is growing, such as PayPal and V.me, but at this time it is fair to say that consumers still favour credit cards when it comes to online payments. This is why when I […]
Card Not Present (CNP) Fraud Falls 57% Since 2010
Posted by brianfpennington in PCI DSS Compliance on 18/02/2013
FICO, a provider of analytics and decision management technology, has released data showing that card issuers using its FICO® Falcon® Fraud Manager have dramatically cut card-not-present (CNP) fraud losses on credit cards over the last two years, from £28 million in April 2010 to less than £12 million in March 2012. CNP fraud, which includes illegitimate […]
PCI SSC releases PCI DSS Cloud Computing Guidelines
Posted by brianfpennington in PCI DSS Compliance on 07/02/2013
The PCI Security Standards Council has published the PCI DSS Cloud Computing Guidelines Information Supplement, a product of the Cloud Special Interest Group (SIG). The guide is an excellent introduction to the “cloud” and offers specific and helpful guidance on what to consider when processing payments involving the cloud as well as the storage of […]
PCI SSC releases its Best practices to help prevent card data compromise at ATMs
Posted by brianfpennington in PCI DSS Compliance on 31/01/2013
The PCI SSC has released its latest supplement, the ATM Security Guidelines Information Supplement. The guidelines were developed to give ATM manufacturers guidance on how to prevent card data from being compromised at the ATM. The ATM Industry Association's (ATMIA) 2012 ATM Global Fraud Survey reveals that skimming remains the leading global threat to ATMs because criminals use stolen […]
Europol reveals €1.5 billion in credit card fraud, how it is stolen and why law enforcement struggles to catch the criminals
Posted by brianfpennington in PCI DSS Compliance on 25/01/2013
Europol's Situation Report for Credit Card Fraud 2012, which summarises fraudulent credit card activity across Europe, is a very interesting read. It explains how the criminals operate, which techniques they use and why law enforcement agencies struggle to catch them. A summary of the Europol report is below. The criminal market of payment […]
Want to be PCI DSS compliant? Here are 5 mistakes to avoid.
Posted by brianfpennington in PCI DSS Compliance on 09/01/2013
Charles Denyer, a QSA with NDB, has produced a list of 5 mistakes that everyone striving for PCI DSS compliance must avoid. 1. Not conducting a formal Readiness Assessment. It's important with PCI DSS compliance to truly understand all facets of the Payment Card Industry Data Security Standard (PCI DSS) provisions, which essentially means answering the "who, what, […]
RSA’s November Online Fraud Report 2012 including advice on avoiding fraud
Posted by brianfpennington in PCI DSS Compliance on 31/12/2012
RSA's November Online Fraud Report delivers the results from RSA's fraud monitoring centre; a summary of the report is below. In 2011, RSA's e-commerce authentication technology was used by many of the top card issuers around the globe to protect nearly half a billion e-commerce transactions, and their statistics for 2011 (2012 will be posted when available) […]
PCI SSC’s insights on mobile, encryption and payment security following the North American community meeting
Posted by brianfpennington in PCI DSS Compliance on 19/09/2012
After the sixth annual North American Community Meeting in Orlando, Florida, which was attended by over 1,000 stakeholders representing 460 organizations from 17 countries, the PCI SSC summarised the key discussion topics as: – Feedback on the standards in preparation for the release of the next version of the PCI DSS and PA-DSS […]
Feedback requested from PCI community on best practices to help prevent card data compromise at ATMs
Posted by brianfpennington in PCI DSS Compliance on 15/09/2012
The PCI SSC is seeking feedback from Participating Organizations (POs) on draft ATM security guidelines. The draft information supplement provides best practices to mitigate the effect of attacks on ATMs aimed at stealing PIN and account data, a direct response to stakeholder requests for guidance on ATM security. Participating Organizations have until November 13, 2012 to […]
PCI Security Standards Council releases best practices for mobile software developers
Posted by brianfpennington in PCI DSS Compliance on 14/09/2012
During this week's PCI SSC US Community Meeting, a demonstration of a mobile attack highlighted the need for more secure development practices in the mobile payments space. The demonstration coincided with, and supported, the release of the new PCI Mobile Payment Acceptance Security Guidelines, which offer software developers and mobile device manufacturers guidance on […]
PCI Security Standards Council releases summary of feedback on PCI standards
Posted by brianfpennington in PCI DSS Compliance on 09/09/2012
The Payment Card Industry Security Standards Council has released a summary of feedback from the PCI community on the PCI Security Standards. The document highlights key themes coming out of the Council's formal feedback period on version 2.0 of the PCI DSS and PA-DSS, in preparation for the next release of the standards in October 2013. […]
65% of businesses do not protect their customers’ private data
Posted by brianfpennington in PCI DSS Compliance on 24/08/2012
According to a survey by GreenSQL, more than 65% of businesses do not protect their customers' private data from unauthorised employees and consultants. The results are interesting because every day we hear of another data breach, or another form of malware which can steal data or at least damage it, and you would think that […]
PCI Security Standards Council’s Qualified Integrators and Resellers program is now live
Posted by brianfpennington in PCI DSS Compliance on 15/08/2012
The PCI SSC's Qualified Integrators and Resellers (QIR)™ Program will train and qualify integrators and resellers that sell, install and/or service payment applications in the secure installation and maintenance of PA-DSS validated payment applications, to support merchants' PCI DSS security efforts. Eligible organizations can now register for the QIR program by visiting the PCI […]
The Information Commissioner’s 5 Tips on how to better protect personal information
Posted by brianfpennington in PCI DSS Compliance on 08/08/2012
The UK's Information Commissioner's Office (ICO) has created a list of 5 useful tips for protecting personally identifiable information (PII). The list comes on the back of an offer by the ICO to help charities and other third sector organisations protect data and avoid potential fines of up to £500,000. Louise Byers, Head […]
Criminal logic; follow the money and find easy targets
Posted by brianfpennington in PCI DSS Compliance on 16/07/2012
Anecdotal information shows that small businesses are just as likely to become victims of an attack as large businesses. Why? Criminals do not discriminate: a dollar is a dollar and a credit card is a credit card, no matter where it is stolen from. Small businesses cannot invest as much in protection, management, procedures and processes as larger […]
PCI Security Standards Council releases Point-to-Point encryption (P2PE) resources
Posted by brianfpennington in PCI DSS Compliance on 29/06/2012
The PCI Security Standards Council (PCI SSC) has announced the availability of the Point-to-Point Encryption (P2PE) Program Guide and Self-Assessment Questionnaire (SAQ) to support implementation of hardware-based point-to-point encryption (P2PE) solutions. They are downloadable from the PCI SSC website in MS Word format. The resources follow the Council's release of updated Solution Requirements and Testing […]
Guidance for merchants on how to securely accept mobile payments the PCI way
Posted by brianfpennington in PCI DSS Compliance on 16/05/2012
This has been coming for a while but finally the PCI SSC has published a fact sheet outlining how merchants can securely accept payments using mobile devices such as smartphones or tablets. The “At a Glance: Mobile Payment Acceptance Security fact sheet” provides merchants with actionable recommendations on partnering with a Point-to-Point Encryption (P2PE) solution […]