Got a Payment Card Data Breach?

December 1, 2014 • Categories: Best Practices

While many payment card data breaches are easily preventable, they can and do still happen to businesses of all sizes. If your small or mid-sized business has discovered it’s been breached, the ETA’s Risk, Fraud & Security Committee and Arnall Golden Gregory LLP have produced a straightforward guide …

New “Backoff” Point-of-Sale Malware Alert

July 31, 2014 • Categories: Industry Topics

The United States Computer Emergency Readiness Team (US-CERT) has issued an advisory warning of a new POS malware that, “at the time of discovery and analysis…had low to zero percent anti-virus detection rates, which means that fully updated anti-virus engines on fully patched computers could …

Visa Issues Security Alert Regarding Insecure Remote Access

July 3, 2014 • Categories: Industry Topics

The recent rash of data security breaches stemming from insecure remote access and user credential management issues has prompted Visa to issue a Data Security Alert to all merchants and the acquirers who serve them. Here is the statement from Visa’s email, which ControlScan received …

SAQ A vs. A-EP: What E-Commerce Merchants, Service Providers Need to Know Now

June 12, 2014 • Categories: Industry Topics

Taking a firm stance on the security of partially outsourced e-commerce sites. When the new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) were released earlier this year, my colleagues and I closely read them to understand the potential impact on self-assessing merchants as well …

Target’s 3DES Encryption Statement: What Does It Tell Us? What Information is Missing? And Where Does PCI Apply?

December 31, 2013 • Categories: Industry Topics

On December 27, Target issued an official statement about hackers’ access to encrypted debit card PIN data along with the payment card numbers accessed during its breach event. Some have wondered whether Target’s claims regarding the encrypted PIN codes are accurate. Although Target has not provided us …

If You Are “in the Cloud,” You May Still Be Exposed to PCI Compliance Risk

December 11, 2013 • Categories: Best Practices, Industry Topics

Here’s a news headline that is currently scaring security executives and causing a few sleepless nights: “NSA Has Hacked 50,000 Computers Globally.” What does this have to do with PCI compliance, you might ask? If the National Security Agency can easily hack into private computer …