
What is PCI Compliance

PCI Merchants Featured Article

Written by:
Joan Herbig

A Fresh New Start Means a Fresh New Look at your PCI Status

Happy New Year! It’s the time of year when many of us celebrate a fresh start and make new resolutions. Your resolution may have been one of the common ones: get to the gym more, stress less, actually use vacation days this year. Website hackers are no different. They make their own resolutions, albeit slightly different ones: attack more, reduce the time it takes to breach a database, take advantage of new attack vectors, and generally cause more mayhem. Now that you have settled in after your first week back in the New Year, I’d like to suggest a new resolution to add to your others: take a few hours to review your PCI compliance status. Things change so quickly in the security spectrum that what was secure two weeks ago may be vulnerable today. Your business changes as well. You may accept more credit card payments. Internal groups may have grown or reorganized. You may have been fortunate enough to get a budget to buy another server or firewall.

Here are some ideas to get you started with your own PCI New Year’s resolution.

 

 

 

Recent Articles

If it isn't documented, how do you know what your employees are doing?

It appears to be fairly common to see organizations of all sizes think of the documentation requirements for PCI compliance as one of the easiest aspects of the standard to meet. After all, when you compare the ease of simply having to document specific requirements versus actually deploying the architecture, hardware, software and personnel to meet them, the documentation requirements seem fairly benign.


 

Who Are You? A, B, C or D? Check first if you're storing electronic cardholder data before you answer that question.

The PCI Council provides plenty of guidance on how to determine which Self-Assessment Questionnaire (SAQ) you should complete. Sounds pretty simple. You know your business better than most people, if not everyone.

 

The PCI Basics/Quick Guide – what do small merchants need to do to achieve PCI compliance?

The day has come. You have received notification from your acquirer that your organization is required to submit Payment Card Industry (PCI) compliance validation.


 

Security as a Checklist? Think Again.

The concept of summarizing Payment Card Industry (PCI) requirements into a simple checklist is a welcome one, especially for merchants without a dedicated security team and budget.


 

Five Common Myths Debunked

There is a vast need for better information about PCI compliance in the marketplace. It is a relatively new standard and there is a lack of good information available. In this article I will outline a few of the most commonly held myths that we hear day in and day out from merchants, acquirers and service providers – along with the hard truths.


 

The Real Cost of Data Breach (It's more than you think—and you're more at risk than you know.)

Confusion. Denial. Plain old wishful thinking. That's what we hear when we talk to people about the real cost of data breach. Whether you're an ISO, an acquirer, or a merchant, maybe you've even said (or at least thought) some of these things yourself...

 

PCI SAQ – Forms and Validation Types

If you are a merchant or service provider and accept credit cards you must validate PCI compliance at least annually. Network Security Scans are required of all merchants and service providers with external-facing IP addresses that collect, process or transmit payment account information.


 

PCI DSS: 5 Guidelines for Gaining PCI Compliance

If an organization doesn't know that they need to be PCI compliant, or if an organization just doesn't want to be bothered by having to obtain PCI compliance, it soon will not matter. The goal is to have all merchants, regardless of their merchant level, compliant with PCI DSS.


 

 

5 Steps to Manage a Data Breach?

Industry-specific guidelines and compliance measures, such as the Payment Card Industry's Data Security Standards (PCI DSS), are continuing to emphasize the enforcement of measures to close any and all security loopholes in a company's infrastructure


 

5 Steps to Manage a Data Breach? Part II

Though a smaller data breach (affecting only 250 private records) than its predecessors at TJX and ChoicePoint, the musical instrument company Bananas.com (Bananas at Large) was the victim of a hacker who, according to published reports, stole an administrative password by accessing Bananas.com systems as a remote user.
