PCI News, Articles and Updates

PCI DSS 2018: What does the future hold?

The vision is that Card Not Present transactions will be increasingly deflected onto other payment channels, completely bypassing the use of card numbers at the website/call centre.

The biggest challenges for businesses securing their payments

Overcoming the top five challenges businesses experience when securing their payments: Protecting data in-transit; Failing to test and audit systems; Managing chargebacks; Authenticating transactions; Physical security of data.

New PCI DSS version concentrates on multi-factor authentication and encryption

New PCI regulation will include a heavy focus on multi-factor authentication, people, processes and encryption.

PCI SSC pushes back deadline for secure TLS

The PCI SSC has pushed back the date by which members must change to a secure version of TLS (currently 1.1 or higher); the migration is being revised today and pushed back from June 2016 to June 2018.

Companies getting better at PCI DSS compliance, finds Verizon

Verizon's fourth annual report into PCI DSS compliance finds that not a single breached company over the last decade has been fully compliant with PCI standards at the time of breach. However, there is at least light at the end of the tunnel.

PCI DSS 3.0, responsibility and protecting against third party access

Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.

PCI Security Standards Forum warns on Backoff malware

Malware around since last year, but only now visible to anti-virus security software.

Target breach aftermath: Is PCI compliance a 'tick box' exercise?

PCI compliance was called a 'gold standard' and 'secure baseline' at a conference in London today, but not all believe that it does enough to guard against data breaches.

Don't blame PCI - we need to deal with the card data

Use of tokens is one of the ways we might limit the amount of sensitive data linked to our cards, suggests Tim Critchley.

Chip and skim - major card security flaws

Cambridge University researchers have revealed "serious" flaws in chip-and-pin payment card security that, almost two years after they first reported them, have still not been fully fixed by the banks.

PCI compliance - how basic website hygiene can add business value

PCI compliance is like meeting food safety standards, explains Tim Lansdale: it's there for the benefit of customers.

PCI compliance: The slow road to progress

PCI DSS 3.0 may be on the horizon, but a new study suggests that companies are not only slow in updating, but also approaching compliance in the wrong way.

ChewBacca malware hits retailers in 11 countries

A new point of sale-based Trojan called ChewBacca has been used to steal payment card and personal customer data from dozens of retailers across 11 countries, according to RSA.

Brian Krebs: How Target was targeted

Internal network analysis security would have stopped this attack - Peter Wood, Firstbase CEO

Safe Passage

The latest PCI update offers improvements to ensure security in online transactions, says Tim Lansdale, head of payment security, WorldPay. Tony Morbin reports.

League table Go-Ahead

In a special one-off case study linking our themes of PCI compliance and security spend, Random Storm technical director and co-founder Andrew Mason describes to SC a case study that tackles both issues with the aid of league tables.

UK insurer hacked, loses 100K customer details

Nearly 100,000 Staysure customers may have had their personal details compromised.

New threats or old? It's both

It's a New Year with a new editor and new team members on SC. Thanks for the warm welcome from everyone we've met and we'll be talking to more of you throughout the year.

P2P encryption solution gets PCI SSC approval

European Payment Services (EPS) in Berkshire has become the first vendor to have its point-to-point encryption (P2PE) hardware certified under global security standards used to protect consumer card data.

Retailer fights PCI fines for non-compliance following breach

A company is challenging costly penalties levied for non-compliance with Payment Card Industry (PCI) security standards by suing the credit card company that imposed the fines.

PCI DSS standards to face open comment

The PCI Security Standards Council (PCI SSC) is looking for feedback on its payment industry guidelines and plans to roll out an online tool to make providing input easier.