Brian Pennington

A blog about Cyber Security & Compliance


physical security

Complying with PCI-DSS Requirement 9.9 White Paper

The physical Point-of-Interaction (POI) devices that accept and process credit card transactions can be one of the most vulnerable attack vectors for criminals intent on stealing cardholder data. The combination of advancing technologies like 3D printing or near field communication (NFC) with outdated policies and untrained staff gives fraudsters an opportunity to substitute POIs and insert physical skimmers, which can result in huge losses of cardholder data.

To combat this, the Payment Card Industry Data Security Standard (PCI-DSS), Version 3.0 introduced a new requirement, found in Section 9.9. This requirement is currently a “best practice” but will become a mandatory requirement for compliance on July 1, 2015. It mandates a new set of additional policies, procedures, and training for merchant organizations. Organizations that choose to delay the design, development, and implementation of these new processes until mid-2015 will be at risk of non-compliance with these new requirements.

A free white paper from Coalfire. Download here, registration required.


Is your data secure? Infographic

Hostwinds have produced a great infographic on how data is secured. It is focused on Google, but the processes could apply to anyone, anywhere.
