Results for the tag,

 

PCI DSS

PCI DSS: Short for Payment Card Industry (PCI) Data Security Standard (DSS), PCI DSS is a standard that all organizations, including online retailers, must follow when storing, processing and transmitting their customer's credit card data. The Data Security Standard (DSS) was developed and the standard is maintained by the Payment Card Industry Security Standards Council (PCI SSC).  To be PCI complaint companies must use a firewall between wireless network and their cardholder data environment, use the latest security and authentication such as WPA/WPA2 and also change default settings for wired privacy keys, and use a network intrusion detection system. (Source: Webopedia)

2012 Data Breach Investigations Report


Section: Research
An insightful study, packed full of useful, well-presented data on information security breaches covering a dataset of 855 confirmed security breaches accounting for a combined 174 million compromised records. Complied with the collaboration of enforcement agencies from around the world, including the US Secret Service, Verizon’s 2012 report shows that many security breaches are the results of more than one threat action (malware, hacking, social, misuse, physic ...   read more

PCI DSS Virtualization Guidelines


Section: Research
Virtualization separates applications, desktops, machines, networks, data and services from their physical constraints. Virtualization is an evolving concept, encompassing a broad range of technologies, tools, and methods, and can bring significant operational benefits to organisations that choose to leverage them. As with any evolving technology, however, the risks also continue to evolve and are often less understood than risks associated with more traditional technologies. ...   read more

Retailers and small shops can use the cloud and managed services to be PCI compliant


Section: Articles
Compliance of any sort tends to send CIOs shaking in their boots, and CFOs reaching for the corporate cheque book. PCI-DSS, the international payment card industry standard for security, was meant to create an environment in which customer data is kept private. And to the credit of the creators of PCI-DSS, the stated measures that must be taken are mostly common sense items that merchants and ot ...   read more

10% of all IT Security to be Delivered in the Cloud by 2015


Section: News
The cloud-based security technology industry will account for 10% of all IT enterprise security by the year 2015, according to the latest research from Gartner. Cloud is driving changes in the market landscape around a number of key areas, such as secure email and web gateways and it’s thought that by 2016, the cloud-based security services market will be worth around $4.2bn. "Demand remains high from buyers looking to cloud-based security services to address a lack of ...   read more

12 Steps to becoming PCI Compliant


Section: Articles
The Payment Card Industry Data Security Standard (abbreviated to PCI DSS or commonly, just PCI) is a set of 12 requirements designed to secure and protect customer payment data. These 12 requirements of PCI DSS compliance can be quite daunting for any merchant. These are listed below:   Build and Maintain a Secure Network  read more

A fifth not PCI compliant, says Gartner


Section: News
Gartner has found that almost a fifth of firms are not compliant with the Payment Card Industry (PCI) Data Security Standards (DSS). The research specialist believes that the gap is hugely surprising considering the importance placed on PCI DSS compliance by tech firms.Lawrence Pingree, research director at Gartner, said that it was clear from the survey results that security solution providers n ...   read more

An Introduction to becoming PCI Compliant


Section: Research
This white paper discusses the background of the Payment Card Industry Data Security Standard (PCI DSS), its commercial and technological implications. It includes a case study of implementing the PCI DSS Standard and how this experience could help you to reduce lead times, lower audit costs and reduce infrastructure expenditure for your own business’s PCI compliance programme. Every merchant that processes card payments and retains card payment d ...   read more

Businesses struggle to comply with PCI standards, study shows


Section: News
Too many businesses are putting consumers' confidential information at risk because they are struggling to comply with the Payment Card Industry's (PCI) data security standards. A recent audit conducted by Verizon showed that just 21 per cent of 100 organisations met the necessary PCI criteria. Placeholder0According to the report, companies fell particularly short on pro ...   read more

Cloud firms publish PCI DSS best practice guidelines


Section: News
Members of the Payment Card Industry Data Security Standard (PCI DSS) Virtualization Special Interest Group - which includes Cisco, VMware and Trend Micro - have published a new reference guide for businesses that wish to ensure their cloud-based architecture complies with PCI DSS 2.0.The guidance is based on new regulations that cloud computing service providers are expected to adhere to in the new year and could help formalise a global approach toward things like cloud security - a pro ...   read more

Data security – the $100 billion problem that companies must fight


Section: News
The data security debate rumbles on as 71 per cent of merchants claim to have stored unencrypted card data in 2011. The figures, published following a survey by merchant data leader SecurityMetrics, highlight the need for firms to encrypt their data and continue the fight against hackers and thieves. In his blog, SPVA spokesperson Steven Hughes wrote: “These are troubling numbers, especially for an industry marked by ever-changing technology and increasingly sophisticated hack ...   read more

Gartner Survey on IT Security spend in 2012 reveals PCI non-compliance of 18%


Section: News
Even as trends of changes in IT security spending emerged from a recent Gartner Survey on budget outlays for 2012, it bust the story on PCI-conforming businesses, revealing close to 18% are non-compliant in real time. Payment Card Industry Data Security Standard 2011 (PCI DSS) is a hot-topic for enterprises as their PCI-compliance status is a coveted r ...   read more

How to take the Pain Out of the PCI Process


Section: Research
PCI DSS is about preventing card payment information held by merchants, or other third parties, from being used fraudulently and all the consequential financial and reputational losses associated with this.   In this White Paper, you will learn: How to streamline the PCI process How to choose the right partners for PCI compliance The ...   read more

Lack of PCI encryption in retail is alarming


Section: News
The lack of financial data encryption in the retail industry may force the security industry to refocus its efforts. According to SecurityMetrics, 71 per cent of sellers stored their customers' credit card and debit card information in an unencrypted format this year.This represents an eight per cent increase on 2010 figures - an alarming rise considering the lack of encryption is in direct contravention of the Payment Card Industry read more

Open source virtualization championed by new alliance


Section: News
An alliance of top software developers - including Canonical, Cisco, IBM, Intel, NetApp, Red Hat and SUSE - has been created to champion the development of open source virtualization platforms. The oVirt project has the core aim of creating an openly governed virtualization stack that would allow for much better integration and the implementation of more advanced management techniques.Jean Staten Healy, director of Linux at IBM, said: "We are excited to be a part of the oVirt project." H ...   read more

PCI compliance and the public cloud


Section: Articles
Public perception of how safe credit card and identity information is when placing an order over the Internet has swung from outright suspicion and fear, to acceptance. Internet transactions are at an all-time high especially during the holiday season, and the relatively new phenomenon of "Cyber Monday” has catapulted Internet commerce to the point where merchants now depend ...   read more

PCI compliance in the Cloud doesn’t have to be scary, experts say


Section: News
The PCI Security Standards Council’s recent virtualization guidance document has indicated that merchants who choose cloud providers for payment processing, rather than the cloud providers themselves, maintain responsibility for safeguarding information and complying with PCI DSS. While it is possible for a cloud provider to offer a PCI com ...   read more

Protecting Sensitive Data is Number One Security Priority


Section: Articles
With an explosion of data breaches in recent years, the protection of sensitive information has become a top priority for security organisations worldwide. According to the Privacy Rights Clearinghouse, more than 535 million records have been breached in 2,651 incidents made public since 2005.1 Attackers have targeted virtually the entire gamut of sensitive content, from personal financial account data to intellectual property and high-value information of concern to the most senior lev ...   read more

The commercial implications of PCI


Section: Articles
Ultimately there is no escape from PCI. Whether you are a sophisticated multinational retailer or a small business that accepts card payments – online or offline, it is widely expected that much more rigorous enforcement will be commonplace from 2012.   Technologies and strategies for dealing with PCI are still catching up, although technolog ...   read more

Unifying Data Encryption


Section: Research
With the growing emphasis on the need to protect sensitive data, encryption has become a focus of interest for organisations worldwide. Yet data encryption has long had its challenges in deployment. If you are responsible for the protection of sensitive information in a Linux environment and often find yourself wondering which way to turn when it comes to simple transparent and unified data encryption, this paper will interest you.
  read more

What is PCI?


Section: Articles
Every merchant that processes card payments and retains card payment details must adopt the Payment Card Industry Data Security Standard (PCI DSS).  Failure to do so can result in merchants being subject to substantial fines, higher transaction costs or ultimately the suspension of banking facilities.   A single retailer, or merchant, can process millions payment card transactions each year. If an unauthorised route is found into that merchant’s ...   read more

1