Posts Tagged PCI DSS
Small firms lose up to £800 million to cyber crime a year
Posted by brianfpennington in brian pennington on 21/05/2013
New research from the Federation of Small Businesses (FSB) shows that cyber crime costs its members around £785 million per year as they fall victim to fraud and online crime. The report shows: 41% of FSB members have been a victim of cyber crime in the last 12 months, putting the average cost at around […]
Sometimes it is a good idea to have in-house skills
Posted by brianfpennington in PCI DSS Compliance on 20/03/2013
After many discussions with people responsible for achieving and maintaining PCI DSS compliance within their organisation and hearing about their problems and pains, I often think about the skills they need and where they can get them. They could recruit, outsource or train, with training being the most cost-effective. I noticed on the PCI […]
Merchant sues VISA. Biting the hand that feeds you?
Posted by brianfpennington in PCI DSS Compliance on 18/03/2013
I know that if there were no merchants there would be no credit card companies and I know that the “alternative” payments market is growing, such as PayPal and V.me, but at this time it is fair to say that consumers still favour credit cards when it comes to online payments. This is why when I […]
Lack of guidance on BYOD raises data protection concerns
Posted by brianfpennington in brian pennington on 08/03/2013
The UK Information Commissioner’s Office (ICO) has commissioned a survey into business attitudes towards Bring Your Own Device (BYOD). The survey results show that many employers appear to have a ‘laissez faire’ attitude to allowing staff to use their personal laptops, tablets or smartphones at work and for work business, which may be placing people’s personal information […]
How the British have changed the way they spend their money over the last decade
Posted by brianfpennington in Uncategorized on 22/02/2013
The UK Payments Council has published its latest report, The Way We Pay, which brings together all the significant trends over the past decade. It shows how many cash payments are continuing to migrate to debit card, how the debit card has won the day for now, but also how it’s possible to see the […]
Card Not Present (CNP) Fraud Falls 57% Since 2010
Posted by brianfpennington in PCI DSS Compliance on 18/02/2013
FICO, a provider of analytics and decision management technology, has released data showing that card issuers using their FICO® Falcon® Fraud Manager have dramatically cut card-not-present (CNP) fraud losses from credit cards over the last two years, from £28 million in April 2010 to less than £12 million in March 2012. CNP fraud, which includes illegitimate […]
PCI SSC releases PCI DSS Cloud Computing Guidelines
Posted by brianfpennington in PCI DSS Compliance on 07/02/2013
The PCI Security Standards Council has published the PCI DSS Cloud Computing Guidelines Information Supplement, a product of the Cloud Special Interest Group (SIG). The guide is an excellent introduction to the “cloud” and offers specific and helpful guidance on what to consider when processing payments involving the cloud as well as the storage of […]
PCI SSC releases its PCI DSS E-commerce Security Guidelines
Posted by brianfpennington in Uncategorized on 01/02/2013
Hot on the heels of the ATM Guidelines, the PCI SSC has released the PCI DSS E-commerce Guidelines Information Supplement. The guidelines are designed to help e-commerce merchants to decide on which technologies and third-party service providers to choose. The e-commerce Special Interest Groups (SIGs) helped put the guidelines together and that meant using their […]
PCI SSC releases its Best practices to help prevent card data compromise at ATMs
Posted by brianfpennington in PCI DSS Compliance on 31/01/2013
The PCI SSC has released their latest supplement, the ATM Security Guidelines Information Supplement. The guidelines were developed to provide guidance to ATM manufacturers on how to prevent credit cards from being compromised. The ATM Industry Association’s (ATMIA) 2012 ATM Global fraud survey reveals that skimming remains the leading global threat to ATMs because criminals use stolen […]
Europol reveals €1.5 Billion Euro in Credit Card Fraud, how it is stolen and why they struggle to catch the criminals
Posted by brianfpennington in PCI DSS Compliance on 25/01/2013
Europol’s Situation Report for Credit Card Fraud 2012 summarises fraudulent activity for credit cards across Europe and is a very interesting read. It explains how the criminals act, what types of techniques they use and why the Law Enforcement Agencies struggle to catch them. A summary of the Europol report is below. The criminal market of payment […]
Want to be PCI DSS compliant? Here are 5 mistakes to avoid.
Posted by brianfpennington in PCI DSS Compliance on 09/01/2013
Charles Denyer, a QSA with NDB, has produced a list of 5 Mistakes all people striving for PCI DSS compliance must avoid. Not conducting a formal Readiness Assessment. It’s important with PCI DSS compliance to truly understand all facets of the Payment Card Industry Data Security Standards (PCI DSS) provisions, which essentially means answering the “who, what, […]
6 Experts predict the IT security and compliance issues and trends for 2013
Posted by brianfpennington in brian pennington on 20/12/2012
Everyone has an opinion on what could be around the corner; some are based on extensive research and market trends, and some are based on customer expectations and experience. Rather than bore you with my predictions, I thought I would extract the predictions of several vendors and a distributor and put them into one single post so it […]
What will fraud look like in 2013?
Posted by brianfpennington in brian pennington on 19/12/2012
UK Fraud has identified 10 key trends that will characterise the UK domestic fraud prevention market in 2013. The forecasted trends are: With more high quality data becoming available to fraudsters than ever before, an economy forecast to contract and the UK’s benefits spend reducing, overall fraud levels will continue to increase dramatically across the UK and […]
New figures show spread of audacious telephone scam targeting cardholders’ PIN
Posted by brianfpennington in brian pennington on 09/12/2012
New fraud intelligence released demonstrates the extent of the rise of an audacious telephone-based deception targeting British credit and debit card holders. Figures released by Financial Fraud Action UK and The UK Cards Association show that the scam has already caused over £7.5m worth of fraud on credit and debit cards between January and August […]
One in four consumers are victims of card fraud – new study reveals
Posted by brianfpennington in brian pennington on 17/10/2012
A global study of more than 5,200 consumers across 17 countries conducted by ACI Worldwide and Aite Group has revealed that one-in-four respondents has been victimised by credit, debit or pre-paid card fraud during the past five years. More than 20% of respondents reported that they will stop using, or switch from, the card impacted by fraudulent […]
Feedback requested from PCI community on best practices to help prevent card data compromise at ATMs
Posted by brianfpennington in PCI DSS Compliance on 15/09/2012
The PCI SSC is seeking feedback from Participating Organizations (POs) on draft ATM security guidelines. The draft information supplement provides best practices to mitigate the effect of attacks to ATMs aimed at stealing PIN and account data, a direct response to stakeholder feedback for guidance on ATM security. Participating Organizations have until November 13, 2012 to […]
PCI Security Standards Council releases best practices for mobile software developers
Posted by brianfpennington in PCI DSS Compliance on 14/09/2012
During this week’s PCI SSC US Community meeting, a demonstration of a mobile attack highlighted the need for more secure development practices in the mobile payments space. The demonstration coincided with and supported the release of the new guidelines, the PCI Mobile Payment Acceptance Security Guidelines, which offer software developers and mobile device manufacturers guidance on […]
PCI Security Standards Council releases summary of feedback on PCI standards
Posted by brianfpennington in PCI DSS Compliance on 09/09/2012
The Payment Card Industry Security Standards Council releases a summary of feedback from the PCI community on the PCI Security Standards. The document highlights key themes coming out of the Council’s formal feedback period on version 2.0 of the PCI DSS and PA-DSS, in preparation for the next release of the standards in October 2013. […]
A new report indicates that UK fraud has fallen by 50% in the last 12 months…
Posted by brianfpennington in brian pennington on 25/07/2012
BDO’s interim 2012 “FraudTrack” report has some fascinating results concerning fraud trends in the UK and for the public sector it isn’t easy reading. It is worth noting before reading the extract from the BDO report that the data only relates to frauds of £50,000 or over. This leaves a considerable amount of discussion on […]
Criminal logic; follow the money and find easy targets
Posted by brianfpennington in PCI DSS Compliance on 16/07/2012
Anecdotal information shows that small businesses are just as likely to become victims of an attack as large businesses. Why? Criminals do not discriminate: a dollar is a dollar, a credit card is a credit card, no matter where it is stolen from. Small businesses cannot invest as much in protection, management, procedures and processes as larger […]