High-risk payment acceptance is everywhere. A recent payment experience at my local dry cleaners caused me some alarm, so much so that I described it in detail on LinkedIn: Without any real forethought I pulled out my debit card. Maybe it was the knowledge that … Read more
The recent rash of data security breaches stemming from insecure remote access and user credential management issues has prompted Visa to issue a Data Security Alert to all merchants and the acquirers who serve them. Here is the statement from Visa’s email, which ControlScan received … Read more
The best way to truly strengthen your business’s security posture—which is the goal of the PCI DSS—is to have a sober understanding of your risk as well as the full scope of your PCI compliance responsibility. Here are five best practices for easily and cost-effectively … Read more
NOTE: There have been updates to the PCI DSS 3.0 standard since this post was published. The current revision is 3.2r1.1; however, the only significant changes to the SAQ B-IP have been the additions of segmentation testing and multifactor authentication for all remote access. The new … Read more
According to the most recent Verizon Data Breach Investigations Report, hackers are apparently spending a lot more time discovering the latest hip, trendy restaurants. But they are not spending money on artisanal cheeses, free-range chicken, or chickpea and orzo salad with Piquillo pepper vinaigrette. Nope. They … Read more
If you must store credit card data or you are interested in strengthening your current security practices, it is important to focus attention on your Web applications. PCI Requirement 6.6 requires that you ensure that all Web-facing applications are protected against known attacks by applying … Read more