PCI SSC Issues New Data Breach Guidance

Published September 30, 2015 • Categories: PCI 101

The PCI Security Standards Council (SSC) has issued welcome new guidance to help organizations respond to a data breach event. In its September 29 press release, the Council writes: “For any organization connected to the internet, it is not a question of if but when … Read more

Got a Payment Card Data Breach?

Published December 1, 2014 • Categories: Best Practices

While many payment card data breaches are easily preventable, they can and do still happen to businesses of all sizes. If your small or mid-sized business has discovered it’s been breached, the ETA’s Risk, Fraud & Security Committee and Arnall Golden Gregory LLP have produced a straightforward guide … Read more

OpenSSL ‘Heartbleed’ Vulnerability Advisory

Published April 9, 2014 • Categories: Industry Topics

UPDATE: Check for vulnerabilities in your website with the ‘Heartbleed’ Bug Test.

Original Post: ControlScan advises its customers and clients with eCommerce websites, or those which handle sensitive data, that a critical vulnerability has been discovered affecting the OpenSSL 1.0.1 and 1.0.2-beta implementation of the … Read more

More Specialized SAQs: The New SAQ B-IP

Published April 8, 2014 • Categories: Industry Topics

The new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) are out, and after our initial look, there are some notable differences. This article focuses on the brand new “SAQ B-IP” for “Merchants with Standalone, IP-Connected PTS Point-of-Interaction (POI) Terminals – No Electronic Cardholder Data … Read more

The Real Cost of Data Breach

Published April 16, 2009 • Categories: Archive

(It’s more than you think—and you’re more at risk than you know.) Confusion. Denial. Plain old wishful thinking. That’s what we hear when we talk to people about the real cost of data breach. Whether you’re an ISO, an acquirer, or a merchant, maybe you’ve … Read more

Data Breaches Part I – Is it Possible to Prevent the Inevitable?

Published October 22, 2007 • Categories: Archive

The media’s increased focus on data breaches. As the settlement terms of the most talked-about data breach in 2007, the TJX data breach, are being assessed in the millions, the media’s attention has only increased its focus on data breaches. Industry-specific guidelines and compliance measures, such … Read more