Posts Tagged Bob Russo
PCI Security Standards Council announces new board of advisors
Posted by brianfpennington in PCI DSS Compliance on 16/05/2013
The PCI Security Standards Council (PCI SSC), announced election results for the 2013-2015 PCI SSC Board of Advisors. The Board will represent the PCI community by providing counsel to SSC leadership. The Council’s more than 690 Participating Organizations selected individuals from the following organizations to represent their industry’s unique perspectives in the development of PCI Standards […]
PCI Security Standards Council publishes card production security requirements
Posted by brianfpennington in PCI DSS Compliance on 09/05/2013
The PCI Security Standards Council (PCI SSC), has announced the publication of a standard for secure payment card production. The standard consists of two sets of requirements: PCI Card Production Physical Security Requirements PCI Card Production Logical Security Requirements Together, these documents provide card vendors with a comprehensive source of information describing the security requirements […]
PCI SSC releases PCI DSS Cloud Computing Guidelines
Posted by brianfpennington in PCI DSS Compliance on 07/02/2013
The PCI Security Standards Council has published the PCI DSS Cloud Computing Guidelines Information Supplement, a product of the Cloud Special Interest Group (SIG). The guide is an excellent introduction to the “cloud” and offers specific and helpful guidance on what to consider when processing payments involving the cloud as well as the storage of […]
PCI SSC releases its PCI DSS E-commerce Security Guidelines
Posted by brianfpennington in Uncategorized on 01/02/2013
Hot on the heels of the ATM Guidelines the PCI SSC has released the PCI DSS E-commerce Guidelines Information Supplement. The guidelines are designed to help e-commerce merchants to decide on which technologies and third party service providers to choose. The e-commerce Special Interest Groups (SIGs) helped put the guidelines together and that meant using their […]
PCI SSC releases its Best practices to help prevent card data compromise at ATMs
Posted by brianfpennington in PCI DSS Compliance on 31/01/2013
The PCI SSC has released their latest supplement, the ATM Security Guidelines Information Supplement. The guidelines were developed to provide guidance to ATM manufacturers on how to prevent credit cards from being compromised. The ATM Industry Association’s (ATMIA) 2012 ATM Global fraud survey reveals that skimming remains the leading global threat to ATMs because criminals use stolen […]
Feedback requested from PCI community on best practices to help prevent card data compromise at ATMs
Posted by brianfpennington in PCI DSS Compliance on 15/09/2012
The PCI SSC is seeking feedback from Participating Organizations (POs) on draft ATM security guidelines. The draft information supplement provides best practices to mitigate the effect of attacks to ATMs aimed at stealing PIN and account data, a direct response to stakeholder feedback for guidance on ATM security. Participating Organizations have until November 13, 2012 to […]
PCI Security Standard Council releases summary of feedback on PCI standards
Posted by brianfpennington in PCI DSS Compliance on 09/09/2012
The Payment Card Industry Security Standards Council releases a summary of feedback from the PCI community on the PCI Security Standards. The document highlights key themes coming out of the Council’s formal feedback period on version 2.0 of the PCI DSS and PA-DSS, in preparation for the next release of the standards in October 2013. […]
Guidance for merchants on how to securely accept mobile payments the PCI way
Posted by brianfpennington in PCI DSS Compliance on 16/05/2012
This has been coming for a while but finally the PCI SSC has published a fact sheet outlining how merchants can securely accept payments using mobile devices such as smartphones or tablets. The “At a Glance: Mobile Payment Acceptance Security fact sheet” provides merchants with actionable recommendations on partnering with a Point-to-Point Encryption (P2PE) solution […]
PCI Security Standards Council announces qualified integrators and resellers certification program
Posted by brianfpennington in PCI DSS Compliance on 10/05/2012
The PCI SSC quotes results from the Trustwave 2012 Global Security Report which states that 76% of the breaches they investigated were a result of security vulnerabilities introduced by a third party responsible for system support, development and/or maintenance of business environments. Errors introduced during implementation, configuration and support of PA-DSS validated payment applications by third parties […]
PCI Security Standards Council pushing for feedback as window starts to close
Posted by brianfpennington in PCI DSS Compliance on 28/03/2012
The Payments Security Council (PCI) Security Standards Council (PCI SSC) called upon its global constituents to submit feedback for development of the next version of the PCI Data Security Standard (DSS) and PA-DSS. As part of the three-year life-cycle for standards development, the official feedback period, which opened in November 2011, will be closing on April […]
PCI Security Standards Council invites industry input during next phase of standards development
Posted by brianfpennington in PCI DSS Compliance on 01/11/2011
The PCI Security Standards Council has launched its formal feedback period on version 2.0 of the PCI DSS and PA-DSS, inviting Participating Organizations and assessors (QSAs) to provide suggestions and commentary on the development of the next PCI Standards. The PCI Council works on a three-year lifecycle to update the PCI Standards. Feedback from Participating Organizations representing […]
PCI SSC updates PTS program for Encryption and Mobile
Posted by brianfpennington in PCI DSS Compliance on 15/10/2011
The PCI Security Standards Council have provided and update to the PIN Transaction Security Program for secure point-to-point encryption (P2PE) and mobile payment acceptance. PTS 3.1 adds two new approval classes that facilitate the deployment of P2PE technology in payment card security efforts, building on the Secure Reading and Exchange of Data (SRED) module previously introduced in version 3.0 […]
Good news for Merchants as the PCI Security Standards Council releases Tokenization guidance
Posted by brianfpennington in PCI DSS Compliance on 17/08/2011
On August the 12th The Payment Card Industry Security Standards Council (PCI SSC) published guidelines to help Merchants and credit card processors take advantage of “Tokenization“. The PCI SSC definition of Tokenization: “Tokenization technology replaces a Primary Account Number (PAN) with a surrogate value called a “token”. Specific to PCI DSS, this involves substituting sensitive PAN […]
Brian Pennington
-
