PCI

New PCI DSS version concentrates on multi-factor authentication and encryption

New PCI DSS version concentrates on multi-factor authentication and encryption

By

New PCI regulation will include a heavy focus on multi-factor authentic, people, processes and encryption

PCI SSC pushes back deadline for secure TLS

PCI SSC pushes back deadline for secure TLS

By

The PCI SSC has pushed back the date by which members must change to a secure version of TLS (currently 1.1 or higher); the migration is being revised today and pushed back from June 2016 to June 2018.

Companies getting better at PCI DSS compliance, finds Verizon

Companies getting better at PCI DSS compliance, finds Verizon

By

Verizon's fourth annual report into PCI DSS compliance finds that not a single breached company over the last decade has been fully compliant with PCI standards at the time of breach. However, there is at least light at the end of the tunnel.

PCI DSS 3.0, responsibility and protecting against third party access

PCI DSS 3.0, responsibility and protecting against third party access

Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.

PCI Security Standards Forum warns on Backoff malware

PCI Security Standards Forum warns on Backoff malware

By

Malware around since last year, but only now visible to anti-virus security software.

Target breach aftermath: Is PCI compliance a 'tick box' exercise?

Target breach aftermath: Is PCI compliance a 'tick box' exercise?

By

PCI compliance was called a 'gold standard' and 'secure baseline' at a conference in London today, but not all believe that it does enough to guard against data breaches.

Don't blame PCI -  we need to deal with the card data

Don't blame PCI - we need to deal with the card data

Use of tokens is one of the ways we might limit the amount of sensitive data linked to our cards suggests Tim Critchley.

Chip and skim - major card security flaws

Chip and skim - major card security flaws

By

Cambridge University researchers have revealed "serious" flaws in chip-and-pin payment card security that, almost two years after they first reported them, have still not been fully fixed by the banks.

PCI compliance - how basic website hygiene can add business value

PCI compliance - how basic website hygiene can add business value

PCI compliance is like meeting food safefy standards, explains Tim Lansdale, its there for the benefit of customers.

PCI compliance: The slow road to progress

PCI compliance: The slow road to progress

By

PCI DSS 3.0 may be on the horizon, but a new study suggests that companies are not only slow in updating, but also approaching compliance in the wrong way.

ChewBacca malware hits retailers in 11 countries

By

A new point of sale-based Trojan called ChewBacca has been used to steal payment card and personal customer data from dozens of retailers across 11 countries, according to RSA.

Brian Krebs: How Target was targeted

Brian Krebs: How Target was targeted

By

Internal network analysis security would have stopped this attack - Peter Wood, Firstbase CEO

Safe Passage

Safe Passage

By

The latest PCI update offers improvements to ensure security in online transactions, says Tim Lansdale, head of payment security, WorldPay. Tony Morbin reports.

League table Go-Ahead

League table Go-Ahead

By

In a special one-off case study linking our themes of PCI compliance and security spend, Random Storm technical director and co-founder Andrew Mason describes to SC a case study that tackles both issues with the aid of league tables.

UK insurer hacked, loses 100K customer details

UK insurer hacked, loses 100K customer details

By

Nearly 100,000 Staysure customers may have had their personal details compromised.

New threats or old? It's both

New threats or old? It's both

By

It's a New Year with a new editor and new team members on SC. Thanks for the warm welcome from everyone we've met and we'll be talking to more of you throughout the year.

P2P encryption solution gets PCI SSC approval

P2P encryption solution gets PCI SSC approval

By

European Payment Services (EPS) in Berkshire has become the first vendor to have its point-to-point encryption (P2PE) hardware certified under global security standards used to protect consumer card data.

Retailer fights PCI fines for non-compliance following breach

By

A company is challenging costly penalties levied for non-compliance of Payment Card Industry (PCI) security standards, by suing the credit card company that imposed the fines.

PCI DSS standards to face open comment

By

The PCI Security Standards Council (PCI SSC) is looking for feedback on its payment industry guidelines and plans to roll out an online tool to make providing input easier.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US