The vision is that Card Not Present transactions will be increasingly deflected onto other payment channels, completely bypassing the use of card numbers at the website/call centre.
PCI DSS compliance doesn't guarantee security, but half of PCI certified companies aren't compliant, which does indicate vulnerability to cyber-attack. "It's not a project, it's a programme - something you need to maintain."
New PCI regulation will include a heavy focus on multi-factor authentication, people, processes and encryption.
Worldpay's electronic payment gateway setup pages offer poor security seals on credit card details, according to a security researcher.
The PCI SSC has pushed back the date by which members must change to a secure version of TLS (currently 1.1 or higher); the migration is being revised today and pushed back from June 2016 to June 2018.
Thirteen million customers of the "free" web hosting company 000Webhost have suffered following a significant data breach, with data reportedly already for sale on underground markets.
The Payment Card Industry Data Security Standard (PCI DSS) is intended to help organisations ensure the safe handling of sensitive payment card data. But it can also present significant (and potentially expensive) regulatory hurdles, says Matthew Bryars.
Retailers must migrate to PCI DSS v3.1 by June 2016, which means an overhaul in the way data is encrypted and transmitted, says Kevin Bocek.
Speaking at a US Federal Reserve conference in Missouri, Jerome Powell called EMV card deployment a step forward but questioned the security of cards that use signatures, not PINs, for authentication.
The CBEST testing framework created by the Bank of England is a positive step but it could be stronger, says Clayton Locke.
Matthew Bryars, CEO of Aeriandi, analyses the threat of insider fraud and what contact centres can do to minimise risk.
PCI DSS v3.1 has been announced in a bid to close known security vulnerabilities in SSL and some TLS protocols; 14-month transition.
Verizon's fourth annual report into PCI DSS compliance finds that not a single breached company over the last decade has been fully compliant with PCI standards at the time of breach. However, there is at least light at the end of the tunnel.
Suspicious activity now needs to be monitored in the entire processing chain, hence implementing PCI DSS 3.0 helps stop attacks before compromises occur, says Ross Brewer.
Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.
Malware around since last year, but only now visible to anti-virus security software.
PCI compliance was called a 'gold standard' and 'secure baseline' at a conference in London today, but not all believe that it does enough to guard against data breaches.
This development represents something of a shift in hacker methodology - Nigel Stanley, Incoming Thought CEO/analyst
PCI compliance is like meeting food safety standards, explains Tim Lansdale; it's there for the benefit of customers.
PCI DSS 3.0 may be on the horizon, but a new study suggests that companies are not only slow in updating, but also approaching compliance in the wrong way.
A new point of sale-based Trojan called ChewBacca has been used to steal payment card and personal customer data from dozens of retailers across 11 countries, according to RSA.
In a special one-off case study linking our themes of PCI compliance and security spend, Random Storm technical director and co-founder Andrew Mason describes to SC a case study that tackles both issues with the aid of league tables.
Nearly 100,000 Staysure customers may have had their personal details compromised.
With the right approach, it is possible to ensure compliance AND take advantage of the cloud, says Garry Sidaway.
Check Point has announced the launch of its compliance software blade that tracks the modifications that IT teams make to networks and policies and alerts to any potential compliance issues arising from those changes.
Guidelines on cloud computing have been released by the PCI security standards council.
The PCI Security Standards Council has released security guidelines for data security in e-commerce instances.