PCI DSS is “Insufficient?”
Thursday, October 8th, 2009 Posted in Compliance, PCI DSS | 5 Comments
In a lawsuit filed in the wake of the Heartland breach, the plaintiff's attorneys allege that Heartland knew that the PCI DSS was "insufficient" to protect cardholder data. Specifically, the lawsuit alleges, "Heartland executives were well aware before the ...
Nevada Mandates PCI DSS
Monday, June 22nd, 2009 Posted in Compliance, Encryption, Government, Legislation, PCI DSS | No Comments
As we've been expecting for some time, states are beginning to take action with respect to mandating PCI DSS. The trend began with Minnesota's Plastic Card Security Act, which prohibited the storage of sensitive authentication data. While not ...
There is No Spoon - Compliance in a New World
Wednesday, March 11th, 2009 Posted in Compliance, PCI DSS | 5 Comments
The arguments for and against PCI have gone far to both extremes of either standing ideologically PRO or CON both the standard and the industry as a whole. When it comes to payments security people either love or hate the ...
Cloud Computing and PCI - VM Image Sprawl
Thursday, January 8th, 2009 Posted in Compliance, Merchant, PCI DSS, Service Provider | 2 Comments
Randy Bias posted a link about virtual machine (VM) image sprawl. Just like the housing sprawl of cities, there appears to be a dramatic increase in the number of VM images being created. This could impact regulatory issues such as ...
Call centers with VoIP phones could expand PCI scope
Wednesday, December 3rd, 2008 Posted in Compliance, Merchant, Service Provider | 7 Comments
I have always said I could talk for half a day on the scoping considerations of call centers. They are complex beasts that exist for the purpose of servicing customers, which often involved either accepting or retrieving cardholder data. I ...
Visa sets global PCI DSS deadlines
Thursday, November 13th, 2008 Posted in Asia-Pacific, Card Brands, Compliance, Europe, Merchant, PCI DSS, Service Provider | 2 Comments
Only days after Visa Asia-Pacific announced compliance deadlines within their region, Visa Inc. announced global compliance deadlines for all regions. (Thanks to Danny for pointing this out.) The deadlines apply to all Visa regions globally and appear to be a natural ...
Small merchants cannot ignore PCI compliance
Thursday, November 13th, 2008 Posted in Compliance, Merchant | No Comments
We took a lesson from Scoble's playbook and posted our phone number and email address on the blog for people to call and ask questions directly. Sometimes questions come in from people wanting to know about one thing over another ...
E-Commerce Startups deal with PCI compliance
Monday, November 3rd, 2008 Posted in Compliance, Merchant, PCI DSS, Payment Applications, Third-Parties | 11 Comments
When I see someone doing something well I like to put the spotlight on it. Damon has a great blog for startups and how they can deal with security issues. You see, small companies have different needs and interests than ...
Cloud computing security and PCI
Monday, November 3rd, 2008 Posted in Compliance, PCI DSS | 14 Comments
A few days ago I began a conversation with a friend about cloud computing security, because I wanted to know the answers to some pressing questions. What I learned from this conversation is that (1) cloud computing is still in ...
PCI DSS version 1.2 differences and updates
Wednesday, October 1st, 2008 Posted in Approved Scanning Vendor, Compensating Controls, Compliance, Merchant, PCI DSS, PCI SSC, Service Provider, Third-Parties, Web Applications, Wireless | 11 Comments
On October 1, 2008 the PCI SSC released version 1.2 of the PCI DSS requirements. There are a number of changes as outlined previously in the update document. The PCI SSC has established a life cycle process that will ensure ...