(It’s more than you think—and you’re more at risk than you know.) Confusion. Denial. Plain old wishful thinking. That’s what we hear when we talk to people about the real cost of data breach. Whether you’re an ISO, an acquirer, or a merchant, maybe you’ve … Read more
Is PCI compliance a law? The short answer is no. The long answer is that while it is not currently a federal law, there are state laws that are already in effect (and some that may go into effect) to force components of the PCI … Read more
Companies frequently ask us about what constitutes a payment application as it relates to PCI Compliance. The term payment application has a very broad meaning in PCI. So hopefully the content of this brief article will help clarify the subject and better define the term. … Read more
If you must store credit card data or you are interested in strengthening your current security practices, it is important to focus attention on your Web applications. PCI Requirement 6.6 requires that you ensure that all Web-facing applications are protected against known attacks by applying … Read more
The media’s increased focus on data breaches. As the settlement terms of the most talked about data breach in 2007-the TJX data breach-are being assessed in the millions, the Media’s attention has only increased its focus on data breaches. Industry-specific guidelines and compliance measures, such … Read more
Though a smaller data breach than its predecessors at TJX and ChoicePoint, the musical instrument company Bananas.com (Bananas at Large) was the victim of a hacker, who, according to published reports stole an administrative password by accessing Bananas.com systems as a remote user. What’s interesting … Read more