PCI DSS News, Articles and Updates

PCI DSS 2018: What does the future hold?

The vision is that Card Not Present transactions will be increasingly deflected onto other payment channels, completely bypassing the use of card numbers at the website/call centre.

100% of breached PCI certified companies failed PCI compliance audit

PCI DSS compliance doesn't guarantee security, but half of PCI certified companies aren't compliant which does indicate vulnerability to cyber-attack. "It's not a project, it's a programme - something you need to maintain."

New PCI DSS version concentrates on multi-factor authentication and encryption

New PCI regulation will include a heavy focus on multi-factor authentication, people, processes and encryption.

Worldpay merchant portal allowed merchants to view customer card data

Worldpay's electronic payment gateway setup pages offer poor security seals on credit card details, according to a security researcher.

PCI SSC pushes back deadline for secure TLS

The PCI SSC has pushed back the date by which members must change to a secure version of TLS (currently 1.1 or higher); the migration is being revised today and pushed back from June 2016 to June 2018.

000webhost suffers major data breach, loses 13 million plaintext passwords

Thirteen million customers of the "free" web hosting company 000Webhost have suffered following a significant data breach, with data reportedly already for sale on underground markets.

The path to PCI DSS compliance: why businesses don't have to walk it alone

The Payment Card Industry Data Security Standard (PCI DSS) is intended to help organisations ensure the safe handling of sensitive payment card data. But it can also present significant (and potentially expensive) regulatory hurdles, says Matthew Bryars.

PCI DSS v3.1 - Are you ready?

Retailers must migrate to PCI DSS v3.1 by June 2016 which means an overhaul in the way data is encrypted and transmitted, says Kevin Bocek.

US still lags on chip and pin for card security

Speaking at a US Federal Reserve conference in Missouri, Jerome Powell called EMV card deployment a step forward but questioned the security of cards that use signatures, not PINs, for authentication.

The need for industry standards in the fight against cyber-crime

The CBEST testing framework created by the Bank of England is a positive step but it could be stronger, says Clayton Locke.

Securing the contact centre from the inside out

Matthew Bryars, CEO of Aeriandi, analyses the threat of insider fraud and what contact centres can do to minimise risk

PCI gives 14 months to fix high risk SSL problem

PCI DSS v3.1 has been announced in a bid to close known security vulnerabilities in SSL and some TLS protocols; 14-month transition.

Companies getting better at PCI DSS compliance, finds Verizon

Verizon's fourth annual report into PCI DSS compliance finds that not a single breached company over the last decade has been fully compliant with PCI standards at the time of breach. However, there is at least light at the end of the tunnel.

How does PCI DSS 3.0 affect you?

Suspicious activity now needs to be monitored in the entire processing chain, hence implementing PCI DSS 3.0 helps stop attacks before compromises occur, says Ross Brewer.

PCI DSS 3.0, responsibility and protecting against third party access

Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.

PCI Security Standards Forum warns on Backoff malware

Malware around since last year, but only now visible to anti-virus security software.

Target breach aftermath: Is PCI compliance a 'tick box' exercise?

PCI compliance was called a 'gold standard' and 'secure baseline' at a conference in London today, but not all believe that it does enough to guard against data breaches.

PCI DSS audit tool cracked by cybercriminals

This development represents something of a shift in hacker methodology - Nigel Stanley, Incoming Thought CEO/analyst

PCI compliance - how basic website hygiene can add business value

PCI compliance is like meeting food safety standards, explains Tim Lansdale; it's there for the benefit of customers.

PCI compliance: The slow road to progress

PCI DSS 3.0 may be on the horizon, but a new study suggests that companies are not only slow in updating, but also approaching compliance in the wrong way.

ChewBacca malware hits retailers in 11 countries

A new point of sale-based Trojan called ChewBacca has been used to steal payment card and personal customer data from dozens of retailers across 11 countries, according to RSA.

League table Go-Ahead

In a special one-off case study linking our themes of PCI compliance and security spend, Random Storm technical director and co-founder Andrew Mason describes to SC a case study that tackles both issues with the aid of league tables.

UK insurer hacked, loses 100K customer details

Nearly 100,000 Staysure customers may have had their personal details compromised.

Compliance and the cloud: a culture clash

With the right approach, it is possible to ensure compliance AND take advantage of the cloud says Garry Sidaway

Check Point introduces compliance-focused software blade

Check Point has announced the launch of its compliance software blade that tracks the modifications that IT teams make to networks and policies and alerts to any potential compliance issues arising from those changes.

Cloud computing guidance issued by PCI council

Guidelines on cloud computing have been released by the PCI security standards council.

PCI council issues guidance on e-commerce

The PCI Security Standards Council has released security guidelines for data security in e-commerce instances.