The PCI Security Standards Council will soon release an update to its PCI Data Security Standard, requiring the use of multifactor authentication for administrators who have access to card data networks. In an interview, the council's Troy Leach explains the new requirements and compliance expectations.
Organizations handling transactions involving credit or debit cards are facing increasing pressure to comply with the Payment Card Industry Data
Security Standard (PCI DSS) version 3, which established
various requirements for safeguarding an organization's relevant systems and networks, comprising the
The PCI DSS was developed to "encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data." Even by following the PCI DSS guidelines, it is...
A lawsuit filed against security firm Trustwave is raising questions about "PCI Professional Forensic Investigators" and how they are monitored by the PCI Security Standards Council. But experts say the onus is on companies, not the council, to ensure their security practices are adequate.
In the largest monetary award obtained by the FTC in an enforcement action, LifeLock has agreed to pay $100 million to settle a case that, in part, stemmed from the identity protection company failing to establish and maintain an information security program to protect customers' personally identifiable information.
In the age of payment card breaches, PCI compliance is a top priority for merchants and organizations that process electronic payments. But what difference does it make when its PCI compliance in the cloud? Steve Neville of Trend Micro shares insight.
Even though the U.S. is migrating to the EMV chip, Visa is still stressing the need for merchants to comply with the PCI Data Security Standard, says Eduardo Perez, the card brand's senior vice president of payment risk, in this video interview.
The recent data breach at U.K.-based telecom company TalkTalk illustrates that breach risk mitigation is a critical issue worldwide. PCI's Jeremy King, who will be a featured speaker at ISMG's Fraud Summit London on Oct. 27, explains why European data security is getting more scrutiny.
Five best practices noted in version 3.0 of the PCI Data Security Standard will become requirements after June 30, with remote access and third-party risks the key focus - particularly for smaller merchants.
The PCI Council has just released PCI DSS 3.1, which calls for mothballing the SSL encryption protocol. What do security leaders need to know about the revised standard? Troy Leach of the council offers insights.
The PCI Security Standards Council has published a new version of its data security standard that calls for ending the use of the outdated Secure Sockets Layer encryption protocol that can put payment data at risk.
Troy Leach of the PCI Security Standards Council says data security standards are not failing; they just aren't being applied continuously. And conformance with the Payment Card Industry Data Security Standard is just one piece of the puzzle.
Experts debate the value of new PCI guidance for how businesses should use penetration testing to identify network vulnerabilities that could be exploited for malicious activity. Does the new advice go far enough?
Although breaches affecting U.S. retailers are widely reported, Verizon's new PCI Compliance Report shows increases in the theft of payment card data and other personal information span numerous industries in all international markets.
Data breaches are inevitable, hence it's up to executives to ensure their enterprise is secured, without trying to encrypt everything, warns Prakash Panjwani, president and chief executive officer of SafeNet.