User Blogs

Tags >> PCI
Jun 12, 2012

Updated version of the PCI Compliance Dashboard

Posted by Didier Godart in PCI

Please feel free to use this “compliance dashboard” spreadsheet to sustain your PCI compliance journey.

Nov 16, 2011

Almost 80% of Retailers' Data At High Risk

Posted by Robert Siciliano in PCI

The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

Nov 15, 2011

PCI 30 seconds newsletter #14 – The World Isn't Perfect

Posted by Didier Godart in PCI

According to the 2011 Verizon Payment Card Industry Compliance Report, requirement 11 - "Regularly test security systems and processes" - is the one least met, so I thought I would dedicate a few newsletters to this subject, starting with the definition and source of vulnerabilities.

The term "vulnerabilities" is often used in the PCI DSS standard to mean the following (per the definition given by the Council):

Oct 31, 2011

New PCI Compliance Dashboard Available - Nov 2011

Posted by Didier Godart in PCI

Please feel free to use this “compliance dashboard” spreadsheet to sustain your PCI gap analysis exercise. It encompasses:

Oct 24, 2011

PCI 30 seconds newsletter #13 – Compensating controls, Magic or Mirage?

Posted by Didier Godart in PCI

There are circumstances where companies face technical or business impediments that prevent them from implementing the requirements as explicitly stated in the standard. Does this mean that these companies can never achieve and maintain compliance?

Oct 20, 2011

Cloud-Based ATMs Coming Your Way

Posted by Robert Siciliano in PCI, Cloud Security, Cloud

Criminals often target cash machines, as well as various other automated kiosks that dispense DVDs, tickets, or other merchandise. They have discovered numerous techniques for compromising these devices. According to the ATM Industry Association (ATMIA), ATM fraud alone results in over a billion dollars in losses each year.

Oct 10, 2011

New PCI Compliance Dashboard - Available

Posted by Didier Godart in PCI

The PCI Compliance Dashboard is a spreadsheet providing a single view of all the information you need to complete the PCI compliance process, without having to open multiple documents on the side.

Oct 03, 2011

PCI 30 second newsletter N°5 – What's your “type”?

Posted by Didier Godart in PCI

Do not mistake “Levels” for “Types”!

In newsletter #4 we saw that the payment brands classify organizations accepting and processing credit cards into “levels.” Levels are based on the number of transactions processed annually on the payment brand networks and are used to indicate which compliance validation procedures and reporting requirements the targeted entities are expected to complete.

Oct 03, 2011

My thoughts on the 2011 Verizon PCI Compliance Report

Posted by Didier Godart in PCI, Information Security, Compliance

If you have ever tried to obtain compliance-rate data from PCIco or the Payment Brands, you know how challenging it is, probably more challenging than finding the Holy Grail. In this context, the release of the Verizon 2011 Payment Card Industry Compliance Report is quite enlightening for the security industry and the merchant community. It gives us a good sense of the reality in the field.

Sep 24, 2011

International Credit Card Hackers Hammered

Posted by Robert Siciliano in PCI

Retailers can temporarily rejoice (for about a minute) now that six cyber villains have been caught in two different international credit card fraud rings.

Sep 08, 2011

PCI 30 seconds Newsletter N°4 – Merchant levels: What, Who and How.

Posted by Didier Godart in PCI

What is a level?

“Levels” is a classification of organizations accepting and processing credit cards. They are defined and used by the payment brands to indicate which compliance validation procedures and reporting requirements the targeted entities are expected to complete.

Sep 02, 2011

PCI 30 seconds Newsletter N°3 – Roles distribution for the PCI play.

Posted by Didier Godart in PCI

In this newsletter we will distribute the roles for the PCI play.

Regulators (scenarists and directors)
