Posts Tagged PCI SSC
PCI Security Standards Council announces new board of advisors
Posted by brianfpennington in PCI DSS Compliance on 16/05/2013
The PCI Security Standards Council (PCI SSC) announced election results for the 2013-2015 PCI SSC Board of Advisors. The Board will represent the PCI community by providing counsel to SSC leadership. The Council’s more than 690 Participating Organizations selected individuals from the following organizations to represent their industry’s unique perspectives in the development of PCI Standards […]
PCI Security Standards Council publishes card production security requirements
Posted by brianfpennington in PCI DSS Compliance on 09/05/2013
The PCI Security Standards Council (PCI SSC) has announced the publication of a standard for secure payment card production. The standard consists of two sets of requirements: the PCI Card Production Physical Security Requirements and the PCI Card Production Logical Security Requirements. Together, these documents provide card vendors with a comprehensive source of information describing the security requirements […]
Sometimes it is a good idea to have in-house skills
Posted by brianfpennington in PCI DSS Compliance on 20/03/2013
After many discussions with people responsible for achieving and maintaining PCI DSS compliance within their organisation and hearing about their problems and pains, I often think about the skills they need and where they can get them. They could recruit, outsource or train, with training being the most cost-effective. I noticed on the PCI […]
PCI SSC releases its Best practices to help prevent card data compromise at ATMs
Posted by brianfpennington in PCI DSS Compliance on 31/01/2013
The PCI SSC has released their latest supplement, the ATM Security Guidelines Information Supplement. The guidelines were developed to provide guidance to ATM manufacturers on how to prevent credit cards from being compromised. The ATM Industry Association’s (ATMIA) 2012 ATM Global fraud survey reveals that skimming remains the leading global threat to ATMs because criminals use stolen […]
Feedback requested from PCI community on best practices to help prevent card data compromise at ATMs
Posted by brianfpennington in PCI DSS Compliance on 15/09/2012
The PCI SSC is seeking feedback from Participating Organizations (POs) on draft ATM security guidelines. The draft information supplement provides best practices to mitigate the effect of attacks on ATMs aimed at stealing PIN and account data, a direct response to stakeholder feedback for guidance on ATM security. Participating Organizations have until November 13, 2012 to […]
PCI Security Standards Council releases best practices for mobile software developers
Posted by brianfpennington in PCI DSS Compliance on 14/09/2012
During this week’s PCI SSC US Community meeting, a demonstration of a mobile attack highlighted the need for more secure development practices in the mobile payments space. The demonstration coincided with and supported the release of the new guidelines, the PCI Mobile Payment Acceptance Security Guidelines, which offer software developers and mobile device manufacturers guidance on […]
The average cost of a breach event is $7.2 million or $214 per compromised record
Posted by brianfpennington in Uncategorized on 13/09/2012
In promoting their Internal Security Assessor Training in Dublin, the Payment Card Industry Security Standards Council (PCI SSC) sent an email quoting the Verizon Data Breach Investigation Report 2011 statistics: the average cost of a breach event is $7.2 million; the average cost per compromised record is $214. The reason they were using the statistics […]
PCI Security Standards Council releases Point-to-Point encryption (P2PE) resources
Posted by brianfpennington in PCI DSS Compliance on 29/06/2012
The PCI Security Standards Council (PCI SSC) has announced the availability of the Point-to-Point Encryption (P2PE) Program Guide and Self-Assessment Questionnaire (SAQ) to support implementation of hardware-based point-to-point encryption (P2PE) solutions. They are downloadable from the PCI SSC website in MS Word format. The resources follow the Council’s release of updated Solution Requirements and Testing […]
Guidance for merchants on how to securely accept mobile payments the PCI way
Posted by brianfpennington in PCI DSS Compliance on 16/05/2012
This has been coming for a while but finally the PCI SSC has published a fact sheet outlining how merchants can securely accept payments using mobile devices such as smartphones or tablets. The “At a Glance: Mobile Payment Acceptance Security fact sheet” provides merchants with actionable recommendations on partnering with a Point-to-Point Encryption (P2PE) solution […]
PCI Security Standards Council announces qualified integrators and resellers certification program
Posted by brianfpennington in PCI DSS Compliance on 10/05/2012
The PCI SSC quotes results from the Trustwave 2012 Global Security Report, which states that 76% of the breaches they investigated were a result of security vulnerabilities introduced by a third party responsible for system support, development and/or maintenance of business environments. Errors introduced during implementation, configuration and support of PA-DSS validated payment applications by third parties […]
PCI DSS – updated guidelines for WiFi and new guidance on Bluetooth
Posted by brianfpennington in PCI DSS Compliance on 01/09/2011
The Wireless Special Interest Group (SIG) of the PCI Security Standards Council (PCI SSC) has released an Information Supplement for PCI DSS Wireless Guidelines. The update aligns the PCI DSS guidance with version 2 of the PCI Data Security Standard and incorporates guidance for Bluetooth. All Merchants and Credit Card processors should read the document […]
PCI Security Standards Council Exceeds 100 Members in Europe
Posted by brianfpennington in PCI DSS Compliance on 22/08/2011
In advance of the annual PCI Community Meeting, the Council celebrates more than 100 European companies as key contributors to the ongoing development of the PCI Standards. The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and […]
Good news for Merchants as the PCI Security Standards Council releases Tokenization guidance
Posted by brianfpennington in PCI DSS Compliance on 17/08/2011
On August the 12th, the Payment Card Industry Security Standards Council (PCI SSC) published guidelines to help Merchants and credit card processors take advantage of “Tokenization”. The PCI SSC definition of Tokenization: “Tokenization technology replaces a Primary Account Number (PAN) with a surrogate value called a “token”. Specific to PCI DSS, this involves substituting sensitive PAN […]
PCI SSC Board of Advisors 2011 elections are now open
Posted by brianfpennington in PCI DSS Compliance on 09/03/2011
The PCI SSC Board of Advisors elections for 2011 to 2013 are now open. All Participating PCI SSC organisations can vote. Votes close 08 April 2011. The votes will decide the composition of the Board of Advisors for the next 2 years. A complete list of the candidates is below: Financial Institution – 3 votes Australia […]