Archives

• Experts predict active year of breaches ahead of EMV deadline

  • PCI and Data Protection News

  March 27, 2015

  

  Because payment cards with EMV security chips will proliferate within the market this year, experts expect that 2015 will be an active year for breaches. This is because criminals with tried-and-true methods of compromising existing POS systems will attempt to exploit the final window of time when those strategies are effective. 

  "It absolutely will be the worst year of fraud because criminals know we are putting bars on the windows with EMV," said Bob Letgers of Fidelity National Information Solutions. "They will exploit that channel as much as they can."

  Letgers made his remarks during a panel at the Consumer Bankers Association conference in Orlando, according to the Orlando Sentinel. As the October deadline draws closer, hackers have at least six months left to … more

• Verizon study shows PCI compliance is improving

  • PCI and Data Protection News

  March 24, 2015

  

  As payment card standards evolve, surveys have been conducted to gauge the level of seriousness merchants pay to remaining compliant with PCI requirements. On this blog, we discussed the troubling statistic that fewer than one-third of businesses remain compliant between PCI audits. A new study by Verizon posts a more encouraging outlook on the state of compliance, however, as it found that the total number of compliant organizations rose by 20 percent last year. 

  The shift may be due to two primary reasons. First, with new standards in place this year, PCI compliance is factoring more prominently into the conversation about payment card security. On the other hand, a spate of high-profile breaches has positioned security practices as an important risk reduction measure. The … more

• Strong third party relationships can boost efficiency of response plans

  • PCI Compliance

  March 09, 2015

  

  One of the most important facets of payment card security is enacting an emergency response plan. Prevention efforts can only go so far to protect merchants from the fallout of a breach, so preparing for the worst is an integral part of data protection strategy. 

  On this blog, we recently discussed how continuous attention to compliance measures like auditing helps companies identify breaches as soon as a compromise occurs. But then what?

  "Once auditing is in place, you should be able to detect and respond to any incidents that fall outside of normal business rules," explains Steve Dickson, vice president and general manager of Windows Management, Dell Software in CIO Magazine. "Have a solution that can simultaneously audit and alert. You also need to remediate any issues by … more

• PCI 3.0 standards expect more constant vigilance from vendors

  • PCI Compliance

  March 06, 2015

  

  One of the biggest hurdles to payment card processing security is for companies to remain compliant between audits. As we've reported on this blog, many don't. However, continuous review and monitoring is written into the new PCI 3.0 standards to prevent companies from overlooking their responsibility to evaluate practices on an ongoing basis. Instead of cramming for a PCI audit, businesses are expected to integrate assessment measures into their regular operations. 

  Experts say that those expectations may be the most challenging difference between old PCI standards and the latest guidelines. 

  "PCI DSS 3.0 inherently implies that organizations adopt continuous compliance and monitoring to reduce the risk of a breach...," writes Torsten George of Info Security Magazine. "This … more

by Ty Hardison

Share this Post