User Blogs

Discussions and Blogs
Tags >> PCI
Jun 12
2012

Updated version of the PCI Compliance Dashboard

Posted by Didier Godart in PCI

Please feel free to use this “compliance dashboard” spreadsheet to sustain your PCI compliance journey.

Nov 16
2011

Almost 80% of Retailers Data At High Risk

Posted by Robert Siciliano in PCI

The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

Nov 15
2011

PCI 30 seconds newsletter #14 – The World Isn't Perfect

Posted by Didier Godart in PCI

According to the 2011 Verizon Payment Card Industry Compliance Report, requirement 11 - "Regularly test security systems and processes" - is the one least met, so I thought I would dedicate a few newsletters to this subject, starting with the definition and source of vulnerabilities. 

The term "vulnerabilities" is often used in the PCI DSS standard to mean the following (per the definition given by the Council):

Oct 31
2011

New PCI Compliance Dashboard Available - Nov 2011

Posted by Didier Godart in PCI

Please feel free to use this “compliance dashboard” spreadsheet to sustain your PCI gap analysis exercise. It encompasses:

Oct 24
2011

PCI 30 seconds newsletter #13 – Compensating controls, Magic or Mirage?

Posted by Didier Godart in PCI

There are circumstances where companies could face some technical or business impediments preventing them from implementing the requirements as explicitly stated in the standard. Does this mean that these companies could never achieve and maintain compliance?

Oct 20
2011

Cloud-Based ATMs Coming Your Way

Posted by Robert Siciliano in PCI, Cloud Security, Cloud

Criminals often target cash machines, as well as various other automated kiosks that dispense DVDs, tickets, or other merchandise. They have discovered numerous techniques for compromising these devices. According to the ATM Industry Association (ATMIA), ATM fraud alone results in over a billion dollars in losses each year.

Oct 10
2011

New PCI Compliance Dashboard - Available

Posted by Didier Godart in PCI

The PCI Compliance Dashboard is a spreadsheet providing a single view of all the information you need to complete the PCI Compliance process without requiring you to open multiple documents on the side.

Oct 03
2011

PCI 30 second newsletter N°5 – What's your “type”?

Posted by Didier Godart in PCI

Do not mistake “Levels” for “Types”!

In newsletter #4 we saw that the payment brands classify organizations accepting and processing credit cards into “levels.” Levels are related to the number of transactions processed annually on the payment brand networks and are used to indicate what compliance validation procedures and reporting requirements targeted entities are expected to complete.

Oct 03
2011

My thoughts on the 2011 Verizon PCI Compliance Report

Posted by Didier Godart in PCI, Information Security, Compliance

If you ever endeavour to get data about the compliance rate from PCIco or the Payment Brands, you would know how challenging it is, probably more challenging than finding the Holy Grail. So in this context the release of the Verizon 2011 Payment Card Industry Compliance Report is quite enlightening for the security industry and merchant community. It gives us a good sense of the reality of the field.

Sep 24
2011

International Credit Card Hackers Hammered

Posted by Robert Siciliano in PCI

Retailers can temporarily rejoice (for about a minute) now that six cyber villains have been caught in two different international credit card fraud rings.

Sep 08
2011

PCI 30 seconds Newsletter N°4 – Merchant levels: What, Who and How.

Posted by Didier Godart in PCI

What is a level? 

“Levels” is a classification of organizations accepting and processing credit cards. They are defined and used by the payment brands to indicate what compliance validation procedures and reporting requirements targeted entities are expected to complete.

Sep 02
2011

PCI 30 seconds Newsletter N°3 – Roles distribution for the PCI play.

Posted by Didier Godart in PCI

In this newsletter we will distribute the roles for the PCI play. 

Regulators (scenarists and directors)
