PCI Compliance – 96% of victims subject to PCI DSS had not achieved compliance
I’m going to refer to something else from a previous blog post, the one about Verizon’s 2012 Data Breach Report regarding PCI Compliance.
PCI Compliance Guidelines: Locking Down Firewall Rules for Active Directory Replication
We all know Windows Active Directory is a great solution to centrally manage users and computers.
Reasonable and Appropriate Data Security
Reasonable and Appropriate Data Security – An interesting case that the FTC filed recently (June 26, 2012) against a well-known hotel chain. (Names omitted for the purposes of this blog.) Notice the similarities to the PCI DSS requirements.
PCI Security Standards Council Releases Point-To-Point Encryption (P2PE) Resources
Latest press release from the PCI Security Standards Council – June 28, 2012:
Security Awareness training is required by PCI DSS
I often write about security awareness training, but it bears repeating periodically. Cyber security awareness training is required by some standards – the PCI DSS is pretty specific about requiring it. Security awareness training for the general employee population on at least an annual basis is a good idea. More technical training for IT
PCI Service Providers – Fines for Non-Compliance
A number of clients have asked me about what sort of non-compliance fines or penalties they could potentially face as a PCI Service Provider, assuming there has been no security breach, but PCI DSS compliance has not been achieved.
3rd Party Providers
3rd Party Providers. Remember when the big car companies in Detroit went through their quality measures and certifications, then began requiring all their 1st tier vendors to undergo the same quality certifications? This later trickled down to the multiple tiers of vendors that supported the 1st tier vendors. It was (is) called QS 9000.
PCI Compliance News flash! Most QSAs provide their validation services on a fixed fee basis
PCI Compliance has been around for a while now. It’s funny to me to see QSAs now offering special pricing to provide services to Level 2 Merchants. Their packaged pricing includes fixed fee services to assist Level 2 Merchants in getting validated.