PCI SSC News, Articles and Updates

Newsbite: PCI SSC to encourage more qualified integrators and resellers

PCI SCC says it is making changes to the Qualified Integrators and Resellers programme to reduce merchant risk by mitigating the leading causes of payment data breaches.

New PCI standard lets card users self-authenticate by web or mobile

Consumers are now able to authenticate themselves with their credit and debit card issuers when buying online by using web browsers or via mobile applications using the new EMV® 3DS standard, designed to cut online card fraud.

Trustwave: 63 percent of breaches observed targeted payment card data

New report from security company Trustwave illustrates a wave of crime looking to steal payment information from those in the hospitality, retail and food and beverage industries.

New PCI DSS version concentrates on multi-factor authentication and encryption

New PCI regulation will include a heavy focus on multi-factor authentic, people, processes and encryption

PCI SSC pushes back deadline for secure TLS

The PCI SSC has pushed back the date by which members must change to a secure version of TLS (currently 1.1 or higher); the migration is being revised today and pushed back from June 2016 to June 2018.

PCI DSS v3.1 - Are you ready?

Retailers must migrate to PCI DSS v3.1 by June 2016 which means an overhaul in the way data is encrypted and transmitted, says Kevin Bocek.

ICYMI: SSL and Magento flaws, APT gangs & the breach blame game

This week's ICYMI column looks at the top stories on SC from the last week, from the breach blame game and Anonymous hackers to the discovery and patching of critical SSL and Magento flaws.

PCI gives 14 months to fix high risk SSL problem

PCI DSS v3.1 has been announced in a bid to close known security vulnerabilities in SSL and some TLS protocols;14 month transition.

Companies getting better at PCI DSS compliance, finds Verizon

Verizon's fourth annual report into PCI DSS compliance finds that not a single breached company over the last decade has been fully compliant with PCI standards at the time of breach. However, there is at least light at the end of the tunnel.

Regulatory compliance and risk includes third-parties

Third Party IT services suppliers must reassess governance, risk management and compliance responsibilities.

Chip and skim - major card security flaws

Cambridge University researchers have revealed "serious" flaws in chip-and-pin payment card security that, almost two years after they first reported them, have still not been fully fixed by the banks.

Safe Passage

The latest PCI update offers improvements to ensure security in online transactions, says Tim Lansdale, head of payment security, WorldPay. Tony Morbin reports.

P2P encryption solution gets PCI SSC approval

European Payment Services (EPS) in Berkshire has become the first vendor to have its point-to-point encryption (P2PE) hardware certified under global security standards used to protect consumer card data.