Does CCPA Affect You? What the 2020 Deadline Means for Reasonable Security
The California Consumer Privacy Act (CCPA) and more states are shaping data privacy management for reasonable security.
Cybersecurity Regulations: What the NYCRR 500 Deadline of March 1, 2019 Means to You
New York City is often referred to as the financial capital of the world. Given the state of cybersecurity today and the increasing barrage of threats that financial-related institutions must combat on a daily basis, it is no wonder that New York became the first state (more…)
Ready for March 1, 2019? 23 NYCRR 500 SECTION 11
THE NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES (DFS) CYBERSECURITY REGULATION 23 NYCRR 500 SECTION 11
PCI Deadline is Fast Approaching on June 30, 2018
by Viviana Wesley PCI QSA, ISO 27001 Auditor – Managing Consultant, Governance & Compliance Services
Cyber security is a moving target. The technology and policies that once kept users, devices and data safe are eventually compromised by the growing skills of cyber criminals and by technology itself. This is one of the reasons security standards (more…)
Clarifying the new PCI DSS 3.2 Requirements for Service Providers
The process of securing cardholder data is a shared responsibility amongst multiple parties that play a role in the card transaction process. They include merchants, processors, acquirers, backup tape storage facilities, issuers and service providers just to name a few. All of these entities play a part in the far-reaching responsibility of protecting consumer data. The Payment Card Industry (more…)
WHAT KIND OF SECURITY ASSESSMENT DO I NEED?
What kind of security assessment do I need? It’s a question we at HALOCK Security Labs hear all the time. Every regulation and information security standard in existence tells us that we must undergo some kind of regular assessment. But the security field has not been consistent in advising what kinds of assessments fit which purpose best. (more…)
Version 3.2 of the PCI DSS to be Released in Q2, ARE YOU READY?
Payment Card Industry Security Standards Council (PCI SSC) by Viviana Wesley, PCI QSA, ISO 27001 Auditor
The Payment Card Industry Security Standards Council (PCI SSC) will be releasing version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) in the second quarter of 2016, and it will become effective as soon as it’s published. PCI DSS version 3.1 will be retired three (more…)
EMV (Europay, MasterCard, Visa): THE COMING SHIFT IN LIABILITY
‘Chip and PIN’, or EMV (“Europay, MasterCard, Visa”), is an open-standard set of specifications for smart card payments and acceptance devices and is a popular topic these days with HALOCK’s PCI clients. EMV is not a PCI requirement. However, there is a ‘liability shift’ in October 2015 that impacts brick-and-mortar merchants that accept credit cards (i.e. all of them). With (more…)