SEARCH RESULTS
 
Showing 1-10 of 177 records
 
Is PCI Worthless?

2008-03-19 17:18:21 by rmogull in securosis.com
 
...PCI is worthless. Some of the commenters weren't too pleased with this statement, an example from @Mike That said, to discount the program as worthless makes me question how informed the person saying it really is about this topic. I've been digging into PCI since before it was PCI (Visa CISP) and talked with all sides, from struggling...
 
 
 
 
 
Is PCI compliance creating a false sense of security?

2008-03-28 09:44:50 by Burton Group in Security and Risk Management Strategies Blog
 
...PCI compliant, but last week a breach changed all that. Last Monday, Scarborough, Maine-based Hannaford Brothers Co., a regional grocery store chain in the Northeast U.S. (and the store I shop at and pay using my debit card) had a breach that exposed up to 4.2 million credit and debit cardholders to potential fraud. The result of this breach so...
 
 
 
 
 
PCI compliance are you just checking the box?

2007-11-14 22:05:00 by Patrick McGregor in Data Protection, Management and Leakage
 
...PCI) standards. I speak with many retailers in my role BitArmor helps them secure and manage cardholder data in their environments. One of the challenges that retail CISOs face is selling senior management on the funding of PCI initiatives. Often, senior management would rather invest in opening a new store than in purchasing an encryption...
 
 
 
 
 
PCI SSC adds PA-DSS

2008-04-15 21:46:20 by Michael Dahn in PCI Blog - Compliance Demystified
 
...PCI SSC added a new standard to the running list of standards and documents it manages (PCI DSS, SAP, SAQ). We reported this was going to happen back in November of last year. The Payment Application Data Security Standard (PA-DSS) is now formally a standard that the Council manages. Check out the press release here. PA-DSS is the...
 
 
 
 
 
MUST-DO Logging for PCI?

2008-02-11 10:46:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...PCI DSS compliance? Since this is a common question, I am broadcasting it here. The honest answer to the above question is that there is no list of what EXACTLY you MUST be logging due to PCI or, pretty much, any other recent "compliance thingy" (as we all know, PCI DSS rules are more specific than most others). However, the above does NOT...
 
 
 
 
 
The Hannaford PCI Fallout

2008-03-28 13:07:12 by Marc Othersen in Security & Risk Management
 
...PCI standard may change. Much depends on Hannaford disclosing the control failures leading to the data breach. The standard may be strengthened to address control areas that may have been overlooked. Should the controls that failed not be part of the current PCI standard, they will most likely be added in the future. Should the controls...
 
 
 
 
 
Got PCI? Another aspect of data security and PCI, I did not know

2007-12-06 17:17:00 by Manu Namboodiri in Data Protection, Management and Leakage
 
...PCI compliance. Hmmm, we agree that this does not make sense, and there were many conjectures as to why this is the case. A few of the reasons put forth - they know how difficult the process is and are taking their time; they don't care about fines (the fines don't make a dent), it is too complex for the leaders etc. My theory is this retailers...
 
 
 
 
 
Securosis is Now PCI Certified

2008-04-01 14:59:57 by rmogull in securosis.com
...PCI certification. Although ASVs continue to drop their rates and reduce the requirements for compliance by issuing exceptions, it's still a costly and intrusive process. Sure, pretty much anyone who signs up and completes payment achieves certification, but adoption rates are still low and only a fraction of the retail community, especially...
 
 
 
 
 
Rebecca Herold on PCI and Logging

2008-04-04 16:08:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...PCI and logging. She also touches on using logs to deal with insiders. My ego is telling me to be upset since she doesn't mention either a "PCI Compliance" book (free chapter on logging for PCI is here) or any of my other related writing, but I will survive it. However, she makes one snafu that makes me cringe (and also think negative...