Complying with Standards drawn by the Payment Card Industry Security Standards Council can be complicated and time-consuming. But, with a PCI DSS Gap Analysis, the process becomes a lot easier, streamlined, and less exhaustive. PCI Gap Analysis is the first step towards the Compliance process. The assessment provides details on your current security posture against what is expected and needs to be...

The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which continues to hover above 150 days on average . The SANS Institute via the...

Organizations cannot afford to neglect their PCI compliance obligations. According to its website , PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI compliant. More than that, they must ensure they’re...

Why is cybersecurity important to Education? Acknowledging recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free” tools are little more than marketing pieces that direct you to click on readily available documentation from Microsoft or Google...

Payment services that operate electronically should adopt technologies that guarantees the safe authentication of the user and reduces, to the maximum extent possible, the risk of fraud. In order to achieve this, the European Union in 2007 passed the Payment Services Directive (PSD). The aim of this legislation is to regulate payment services and payment service providers throughout the European...

Cloud computing has transformed the IT industry, as services can now be deployed in a fraction of the time that it used to take. Scalable computing solutions have spawned large cloud computing companies such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure. With a click of a button, personnel can create or reset entire infrastructure for a computing resource in three different cloud...

PCI DSS, or the Payment Card Industry Data Security Standard, is the set of requirements for organizations who process card payments. Sounds simple enough, right? But PCI compliance can pose a major challenge to organizations if they’re not equipped with the proper knowledge and tools. Let’s take a quick look at the basics of PCI compliance, what the actual requirements consist of and methods...

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2 superficial and short-lived. To beat those challenges...

The Payment Card Industry Security Standards Council (PCI SSC) published a minor revision to version 3.2 of its Data Security Standard (PCI DSS). On 17 May, PCI SSC published PCI DSS version 3.2.1. The purpose of the update was to clarify organizations' use of the Standard and when they would need to upgrade their use of common cryptographic protocols. PCI SSC Chief Technology Officer Troy Leach...

The latest revision to PCI DSS, PCI 3.2, provides specific security guidance on the handling, processing, transmitting and storing of credit card data. PCI 3.2 presents an opportunity for retail, healthcare, finance and hospitality organizations to minimize the theft, exposure and leakage of their customer’s personal and financial credit information by strengthening weakened security controls. For...

Much attention and excitement within the security world has recently been focused on the lucrative surge in crypto-mining malware and hacks involving or targeting cryptocurrency implementations themselves. Yet the volume of ‘real world’ transactions for tangible goods and services currently paid for with cryptocurrency is still relatively niche in comparison to those that are being paid for every...

Two significant ransomware attacks occurred in the first half of 2017. The first outbreak took place on May 12, 2017, when WannaCry leveraged a known Windows exploit to infect hundreds of thousands of vulnerable computers around the world, including 34 percent of UK National Health Service (NHS) trusts . Less than two months later, NotPetya abused that same Microsoft vulnerability to strike banks...

To distinguish the size of merchant companies and appropriately determine the level of testing required, the founding credit card companies created four different brackets ranging from Tier 1 to 4. Each tier is based on the number of transactions processed per year by the merchant and also dictates the testing a merchant must undertake. While transactions are the primary determiner, a merchant can...

The retail industry saw more than its fair share of data breaches in 2017, with security incidents impacting at American supermarket chain Whole Foods Market and clothing companies Brooks Brothers , The Buckle , and Forever 21 , to name a few. At least some of those events likely resulted from retailers' poor data breach preparation. Consider the fact that just 28 percent of IT security...

The Payment Card Industry Data Security Standard (PCI DSS) was introduced to provide a minimum degree of security when it comes to handling customer card information. While the Standard has been around for over a decade, penetration testing has only recently been officially incorporated into the process. There’s a lot to cover in a PCI DSS engagement, and some aspects may fly under the radar as a...

Nearly half of organizations that store, process or transmit card data are still failing to maintain PCI DSS compliance from year to year, reveal new statistics. According to the 2017 Verizon Payment Security Report , the number of enterprises becoming fully compliant is on an upward trend—growing almost five-fold since 2012. Last year, 55.4 percent of organizations interviewed, including those in...

Since 2004, merchant companies that handle branded credit cards have worked to maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS). These regulations, which consist of six fundamental control objectives and 12 core requirements , aim to protect payment card data for customers. They also help card issuers and banks limit their liability in the event a merchant...

There is never a dull moment for compliance and security. Case in point, amidst a brewing storm of regulation, version 3.2 of the Payment Card Industry Data Security Standards (PCI DSS) announced in late spring articulates good data security intent along with controversy. PCI has been around since 2006, and aims to protect payment data for consumers and card issuers. A worthy cause, no question...