Blog Posts Tagged with "PCI SSC"


Understanding the Intent of PCI Requirement 11.2

February 09, 2011 Added by: PCI Guru

Requirement 11.2 requires that vulnerability scanning is performed at least quarterly. Given the 30 day patching rule and the fact that scanning must be performed after all “significant” changes, an organization really needs to conduct monthly scanning at a minimum to stay compliant...


RTFM: Take the Time to Read the Documentation

January 18, 2011 Added by: PCI Guru

The PCI SSC’s Web site contains all of the documentation you need to interpret the PCI standards, yet it seems the only document that people download and read is the PCI DSS. If people would just read the rest of the documentation that is available, we would all be better off...


The Harsh Reality Of Security

January 09, 2011 Added by: PCI Guru

Chris Skinner asks the question, “Why does the card securities council not care about card security?” What concerns me is the title of the article as it again implies that the PCI standards do nothing to secure cardholder data. I thought I would take a shot at answering this question...


PCI SSC Backs Off Certifying Mobile Payment Apps

January 05, 2011 Added by: PCI Guru

A mobile payment refers to the use of a wireless device as a cash register. This is one of the reasons why the PCI SSC has pulled back on certifying mobile payment applications. The definition is becoming too broad and confusing thus creating too many issues to cover in a quick time...


The PA-DSS Certification Clarification

December 16, 2010 Added by: PCI Guru

Changes that fall into these two categories do not require that the PA-QSA conduct a re-assessment of the application and file a new Report On Validation. The application continues to hold its existing PA-DSS certification. However, the PA-QSA is required to prepare and file a Minor Update...


Interesting Announcements From The PCI SSC

December 08, 2010 Added by: PCI Guru

The last year has tried to keep QSAs in the loop by issuing a monthly Assessor Update newsletter via email. These usually are not noteworthy, but the November 2010 issue contains a number of items that need to be shared just in case you miss your edition or you are not a QSA...


Heartland Regains PCI Compliant Status

May 03, 2009 Added by: Anthony M. Freed

Heartland’s removal from the list of compliant payment processors had followed revelations that the company had suffered what may have been the largest data breach of payment card information to date, although details of the incident have not been made available due to ongoing investigations...


Payment Card Industry Swallows Its Own Tail

April 01, 2009 Added by: Anthony M. Freed

The greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal hackers, but instead the dysfunctional nature of the relationships between the very parties the standards are meant to serve...
