SEARCH RESULTS
 
Showing 1-10 of 157 records
 

PCI compliance are you just checking the box?

2007-11-14 22:05:00 by Patrick McGregor in Data Protection, Management and Leakage
 
I will be presenting at the RSR conference this week, and this has me thinking more deeply about challenges that retailers are facing in complying with the Payment Card Industry (PCI) standards. I speak with many retailers in my role BitArmor helps them secure and manage cardholder data in their environments. One of the challenges that retail...
 
 
 
 
 

Fun PCI FAQ - Good Reading

2008-11-26 20:30:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
Check out this cool PCI FAQ here, created by Andrew Plato. He reminds people about a few of the common "PCI misconceptions" (like, "when is the PCI deadline? - Yesterday") and key facts (like, "Do organizations using third-party processors have to be PCI-compliant? - Yes"). Finally, I also love, love, love his reminder that there are no "PCI...
 
 
 
 
 

PCI compliance, building the base

2008-06-12 11:54:22 by Burton Group in Security and Risk Management Strategies Blog
 
Blogger: Randall Gamby An alarming trend is beginning to surface within SMB PCI compliant companies, like Hannaford Brothers ( http://www.networkworld.com/news/2008/031708-hannaford-data-breach.html ), Okemo Mountain Resort ( http://www.okemo.com/okemowinter/security update.asp ), etc. Credit data is being stolen! While this is exceedingly bad,...
 
 
 
 
 
 
 
 
 
 

The Hannaford PCI Fallout

2008-03-28 13:07:12 by Marc Othersen in Security & Risk Management
 
By now, most people have heard about the data breach at Hannaford. Here are some thoughts regarding potential fallout 1) PCI standard may change. Much depends on Hannaford disclosing the control failures leading to the data breach. The standard may be strengthened to address control areas that may have been overlooked. Should the controls that...
 
 
 
 
 

Got PCI? Another aspect of data security and PCI, I did not know

2007-12-06 17:17:00 by Manu Namboodiri in Data Protection, Management and Leakage
 
Brian Kilcourse, managing partner from RSR Research shared some interesting research data with us at the recent conference. Turns out the best-in-class retailers are lagging behind in PCI compliance. Hmmm we agree that this does not make sense, and there were many conjectures as to why this is the case. A few of the reasons put forth - they know...
 
 
 
 
 

PCI Co and ASVs

2008-03-21 23:53:00 by Random InfoSec Guy in Security Coin
 
Talking of PCI SSC - We all know VISA has been the biggest contributor to the cause so far and has donated loads of time and IP towards PCI - which has been adopted by PCI Co - but what neither VISA nor PCI Co have been able to successfully do so far - is to monitor the ASVs / QSAs to do their jobs correctly. Meaning QSAs should not be allowed...
 
 
 
 
 

Why PCI Is Good For Business

2007-12-03 17:16:25 by RSnake in ha.ckers.org web application security lab
 
Time to take a step back and look at PCI. We all know and love it, or love to hate it for various reasons, but I'd like to go back to the roots of it all and ask one question, What is PCI for? The simple answer that I can get on board the most with is that it's to promote spending by increasing consumer confidence. So the obvious goal is to reduce...
 
 
 
 
 

Mastercard.com NOT PCI Compliant

2008-01-05 17:40:33 by Bill in Grumpy Security Guy
 
Someone has found an XSS vulnerability on mastercard.com. The place it was found, the search function, is a notorious location for XSS vulnerabilities. The XSS payload that triggers the vulnerability leads me to believe that there was a fair amount of filtering going on but I guess not enough. Who does Mastercard pay PCI penalties to? Related...
 
 
 
 
 

PCI 6.6 clarified

2008-04-22 16:47:40 by Bill in Grumpy Security Guy
 
Trey Ford has a good roundup of the new PCI 6.6 clarification in PCI 6.6 Information Supplement Released. All I have to say is well done to the PCI council! From my first pass it seems like it is pretty clear AND they understand the issues organizations are facing. I have a few nits here and there, but it is 1000% better than it was before ...