Tag: PCI DSS compliance

Retail giant Target became the target of a data breach that potentially involved 40 million customer credit and debit card records. The retailer isn’t saying how the breach happened, but Avivah Litan, a security analyst with Gartner Research, has a strong opinion. She told The Associated Press that given the millions of dollars Target spends on security each year, she believes the breach may have been an “inside job.” Various mainstream media sources reported the story late Wednesday after the …

Yesterday, I blogged about the new PCI DSS 3.0 document that contains a number of clarifications, additional guidance and evolving (new) requirements. The part I’m going to focus on is the evolving requirements, as they represent the changes that ensure that the standards are up to date with emerging threats and changes in the market. They also represent the greatest changes between the old and new documents, and are relevant to merchants and service providers that are already PCI DSS …

Adobe was hit with a data breach last week that compromised the source code of several products, including Adobe Acrobat, ColdFusion Builder and other Adobe products. Hackers also accessed and removed 2.9 million customers’ data, including names, encrypted credit/debit card numbers, login data and other information related to customer orders/accounts, making it a significant PCI DSS data breach. While the information reported by Adobe is limited as the investigation is ongoing, KrebsOnSecurity.com, a security blog written by a former Washington Post …

A few major takeaways from Trustwave’s 2013 Global Security Report reveal that the retail industry was at the top of data breach investigations at 45 percent. A total of 96 percent of customer records (payment card data, PII (personally identifiable information) and email addresses) were targeted, while the rest included confidential information, intellectual property, electronic protected health information (ePHI) and business financial account numbers. In 2012, the retail industry saw a 15 percent increase in data breaches compared to 2011. …

InternetRetailer.com recently reported that ecommerce sales have increased to 18.4 percent, as estimated by the U.S. Commerce Department in Q2, bringing online sales back to their pre-recession growth rates. Comparing Q2 2013 to Q2 2012, ecommerce sales rose to $65 billion compared to $54.7 billion, the largest year-over-year increase since before 2008. Much of the growth in online retail sales is attributed to the largest retailers, including Wal-Mart and Amazon, rising 30 and 29.6 percent in online retail sales, respectively. …

The PCI Security Standards Council recently issued a press release about anticipated changes to the PCI DSS (Payment Card Industry Data Security Standards) and PA-DSS (Payment Application Data Security Standard) as a preview for the changes in the third version of the standards to be released November 2013. Version 3.0 features even more changes than version 2.0 as a result of a three-year standard development lifecycle, meaning the council has been conducting industry research since 2010 for the latest revisions. …

Last month Jeremy King, the European Director for the Payment Card Industry Security Standards Council (PCI SSC), had an interview with BankInfoSecurity.com in order to address pain points they encounter as they continue to shape the Payment Card Industry Data Security Standards (PCI DSS). The issues of new technology and the propensity for more organized criminal activities create unique problems for the council. Any company that stores, transmits, or processes credit cardholder data must be PCI compliant, and as a …

For ecommerce websites, partnering with a PCI DSS compliant hosting provider can help you achieve many requirements of the standard while building a layered security solution to protect credit cardholder information, whether stored or merely in transit. Where should you start? [If you’re not sure what the requirements are, read What is PCI Compliance?] For a fully protected system with multiple layers of technical security, start with a web application firewall (WAF), a device that sits behind your virtual or dedicated …

Recently, Nasdaq.com reported on hackers who gained access to the systems of more than a dozen major global payment processors, retailers and financial institutions, including NASDAQ (trading platform unaffected), 7-Eleven, JC Penney, Heartland Payment Systems, Visa Jordan, Global Payment, JetBlue, Dow Jones and others. In a press release from last week, a federal indictment announced that five men in Russia were charged with conspiring in the international hacking scheme, which resulted in the theft of 160 million credit card numbers. Issued by the U.S. …

The State of California released a report on 2012 data breaches that found 1.4 million residents would have had their information protected if companies had encrypted data in transit when sent from their company’s network. The report showed 131 data breaches affected 2.5 million Californians, and listed recommendations on how to avoid loss or theft of data. Among their recommendations were employing data encryption; reviewing and tightening security controls on personal information; training employees and contractors; revising breach …
