Posts Tagged Payment card industry
PCI Security Standards Council publishes card production security requirements
Posted by brianfpennington in PCI DSS Compliance on 09/05/2013
The PCI Security Standards Council (PCI SSC) has announced the publication of a standard for secure payment card production. The standard consists of two sets of requirements: PCI Card Production Physical Security Requirements and PCI Card Production Logical Security Requirements. Together, these documents provide card vendors with a comprehensive source of information describing the security requirements […]
Want to be PCI DSS compliant? Here are 5 mistakes to avoid.
Posted by brianfpennington in PCI DSS Compliance on 09/01/2013
Charles Denyer, a QSA with NDB, has produced a list of 5 mistakes all people striving for PCI DSS compliance must avoid. Not conducting a formal Readiness Assessment. It’s important with PCI DSS compliance to truly understand all facets of the Payment Card Industry Data Security Standards (PCI DSS) provisions, which essentially means answering the “who, what, […]
65% of businesses do not protect their customers’ private data
Posted by brianfpennington in PCI DSS Compliance on 24/08/2012
According to a survey by GreenSQL, more than 65% of businesses do not protect their customers’ private data from unauthorised employees and consultants. The results are interesting because every day we hear of another data breach or another form of malware which can steal data or at least damage data and you would think that […]
PCI Security Standards Council’s Qualified Integrators and Resellers program is now live
Posted by brianfpennington in PCI DSS Compliance on 15/08/2012
The PCI SSC’s Qualified Integrators and Resellers (QIR)™ Program will train and qualify integrators and resellers that sell, install and/or service payment applications on the secure installation and maintenance of PA-DSS validated payment applications to support merchant PCI DSS security efforts. Eligible organizations can now register for the QIR program by visiting the PCI […]
PCI Security Standards Council releases Point-to-Point encryption (P2PE) resources
Posted by brianfpennington in PCI DSS Compliance on 29/06/2012
The PCI Security Standards Council (PCI SSC) has announced availability of the Point-to-Point Encryption (P2PE) Program Guide and Self-Assessment Questionnaire (SAQ) to support implementation of hardware-based point-to-point encryption (P2PE) solutions. They are downloadable from the PCI SSC website in MS Word format. The resources follow the Council’s release of updated Solution Requirements and Testing […]
PCI Point-to-Point Encryption Solution Requirements and Testing Procedures v1.1
Posted by brianfpennington in PCI DSS Compliance on 27/04/2012
The Payments Security Standards Council (PCI SSC) have released their Solution Requirements and Testing Procedures version 1.1 for Point-to-Point Encryption (P2PE). The press release can be found here. The main document is 210 pages long but for those who have looked into this before there is a short four-page summary of changes from version […]
The PCI SSC has opened its registration for the 2012 PCI Community Meetings
Posted by brianfpennington in PCI DSS Compliance on 11/04/2012
The PCI North American Community Meeting will be held on September 12-14, 2012 in Orlando, Florida. The PCI European Community Meeting will be held this year in Dublin, Ireland, October 22-24, 2012. This year’s meetings offer Council Participating Organizations and PCI stakeholders access to three days of knowledge sharing, networking and learning, including keynote presentations from industry […]
Eight Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data
Posted by brianfpennington in PCI DSS Compliance on 21/12/2011
Merchants are constantly seeking ways to simplify and reduce the scope of the Payment Card Industry’s Data Security Standard (PCI DSS) compliance by shrinking the footprint where cardholder data is located throughout their organization. By reducing the scope, these Merchants can […]
PCI Security Standards Council announces winners of Special Interest Group elections
Posted by brianfpennington in PCI DSS Compliance on 15/11/2011
The PCI SSC today announced the results of the PCI Council election for Special Interest Groups (SIGs). Special Interest Groups (SIGs) leverage the expertise of more than 600 PCI SSC Participating Organizations and provide a vehicle for incorporating their ideas and input into the work of the Council. Almost 500 votes were cast by merchants, financial institutions, […]
PCI Security Standards Council adds PCI PIN Security requirements to PTS standard
Posted by brianfpennington in PCI DSS Compliance on 06/11/2011
The PCI Security Standards Council (PCI SSC) has announced that the Council is expanding the PTS standards to encompass the PCI PIN Security Requirements, formerly administered by Visa and MasterCard, to provide organizations with one set of criteria for the protection of PIN data. After officially taking over management of the requirements earlier this year, the PCI SSC […]
PCI Security Standards Council invites industry input during next phase of standards development
Posted by brianfpennington in PCI DSS Compliance on 01/11/2011
The PCI Security Standards Council has launched its formal feedback period on version 2.0 of the PCI DSS and PA-DSS, inviting Participating Organizations and assessors (QSAs) to provide suggestions and commentary on the development of the next PCI Standards. The PCI Council works on a three-year lifecycle to update the PCI Standards. Feedback from Participating Organizations representing […]
PCI Security Standards Council opens election for new Special Interest Groups
Posted by brianfpennington in PCI DSS Compliance on 24/10/2011
The PCI Security Standards Council (PCI SSC) opens election for new Special Interest Groups (SIG). The Council developed Special Interest Groups (SIG) to leverage the expertise of more than 600 Participating Organizations and provide a vehicle for incorporating their ideas and input into the work of the Council. SIGs focus on providing recommendations to the Council which often results […]
Merchants are complacent about PCI DSS, report reveals.
Posted by brianfpennington in PCI DSS Compliance on 12/10/2011
Verizon have launched their 2011 Payment Industry Compliance Report which draws on their experiences as a QSA company and previous annual reports. Extracts from the report are below. Unchanged from last year, only 21% of organizations were fully compliant at the time of their Initial Report on Compliance (IROC). Verizon commented with […]
PCI SSC publishes its first set of PCI Point-to-Point Encryption Solution requirements
Posted by brianfpennington in PCI DSS Compliance on 19/09/2011
New requirements focus on hardware-based solutions and support optional scope reduction efforts in a secure, PCI DSS compliant environment. The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security […]
Merchants are more concerned about their brand than PCI fines
Posted by brianfpennington in PCI DSS Compliance on 12/09/2011
A joint CyberSource and Trustwave survey has shown that nearly 70% of Merchants cited the need to “protect the brand” as the primary driver for tightening controls against hackers and other payment security risks. Only 26 percent said avoiding fines resulting from non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) were the […]
PCI DSS – updated guidelines for WiFi and new guidance on Bluetooth
Posted by brianfpennington in PCI DSS Compliance on 01/09/2011
The Wireless Special Interest Group (SIG) of the PCI Security Standards Council (PCI SSC) has released an Information Supplement for PCI DSS Wireless Guidelines. The update aligns the PCI DSS guidance with version 2 of the PCI Data Security Standard and incorporates guidance for Bluetooth. All Merchants and Credit Card processors should read the document […]
PCI Security Standards Council Exceeds 100 Members in Europe
Posted by brianfpennington in PCI DSS Compliance on 22/08/2011
In advance of annual PCI Community Meeting, Council celebrates more than 100 European companies as key contributors to the ongoing development of the PCI Standards. The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and […]
Exactly how many Merchants are PCI DSS compliant?
Posted by brianfpennington in PCI DSS Compliance on 18/08/2011
The number of Merchants who are compliant with the Payment Card Industry Data Security Standard (PCI DSS) varies from continent to continent and country to country, but the figures released by VISA for the US make interesting reading. The table below shows the results for the US up to the 30th June 2011 as per the […]
Good news for Merchants as the PCI Security Standards Council releases Tokenization guidance
Posted by brianfpennington in PCI DSS Compliance on 17/08/2011
On August the 12th the Payment Card Industry Security Standards Council (PCI SSC) published guidelines to help Merchants and credit card processors take advantage of “Tokenization”. The PCI SSC definition of Tokenization: “Tokenization technology replaces a Primary Account Number (PAN) with a surrogate value called a “token”. Specific to PCI DSS, this involves substituting sensitive PAN […]
PCI Compliance Cost Calculator for Level 1-4 Retailers
Posted by brianfpennington in brian pennington on 12/07/2011
StillSecure have produced the “StillSecure PCI Calculator”, a free online tool designed to help Level 1 through 4 retailers examine, and potentially significantly reduce, the costs and complexities associated with PCI compliance. It is a very interesting approach to calculating the cost of compliance. From the StillSecure press release: Gartner issued its Retail Security & Compliance […]