Contents tagged with PCI Compliance

  • Earning your customers' trust through PCI compliance

    For your customers to purchase with confidence, make sure you are PCI compliant today.

    Your business strives not only to grow in profitability but also to maintain a solid customer base. All of your valuable customers depend on you to safeguard their personal information, which can be achieved through compliance with PCI Security Standards. In light of recent, massive data hacks, consumers across the country are growing wary of merchants' abilities to protect their financial and sensitive information.

    Being PCI compliant means your customers can shop with confidence at your place of business, according to the PCI Security Standards Council. Without this compliance, your business could be in danger of canceled accounts, payment card issuer and government fines, lawsuits and more. 

    Despite the fact that businesses must be PCI compliant any time … more

  • Strong third party relationships can boost efficiency of response plans

    Good relationships with third party service providers can strengthen response plans.

    One of the most important facets of payment card security is enacting an emergency response plan. Prevention efforts can only go so far to protect merchants from the fallout of a breach, so preparing for the worst is an integral part of data protection strategy. 

    On this blog, we recently discussed how continuous attention to compliance measures like auditing helps companies identify breaches as soon as a compromise occurs. But then what?

    "Once auditing is in place, you should be able to detect and respond to any incidents that fall outside of normal business rules," explains Steve Dickson, vice president and general manager of Windows Management, Dell Software in CIO Magazine. "Have a solution that can simultaneously audit and alert. You also need to remediate any issues by … more

  • PCI 3.0 standards expect more constant vigilance from vendors

    A more proactive approach to payment data security can reduce the risk of costly attacks.

    One of the biggest hurdles to payment card processing security is for companies to remain compliant between audits. As we've reported on this blog, many don't. However, continuous review and monitoring are written into the new PCI 3.0 standards to prevent companies from overlooking their responsibility to evaluate practices on an ongoing basis. Instead of cramming for a PCI audit, businesses are expected to integrate assessment measures into their regular operations.

    Experts say that those expectations may be the most challenging difference between old PCI standards and the latest guidelines. 

    "PCI DSS 3.0 inherently implies that organizations adopt continuous compliance and monitoring to reduce the risk of a breach...," writes Torsten George of Info Security Magazine. "This … more

  • Robust penetration tests are critical to data security

    Robust penetration tests are critical to data security.

    One of the most effective ways a company can determine the security of a card processing platform is to undergo a penetration test. These are required for PCI compliance, and merchants conduct them annually to identify vulnerabilities to preempt malicious hacking attempts. In a standard penetration test, administrators make their best effort to compromise a network in the manner of cybercriminals, thereby revealing which areas might be sensitive to a breach. 

    Mark Burnette of Net Security says penetration tests allow merchants to use the tools of hackers to help fortify existing systems. Rather than waiting for criminals to discover vulnerabilities in your payment card processing system, testing it yourself first lets you double down on security.

    "In the … more

  • New "Ghost" vulnerability prompts warning from Homeland Security Department

    A new vulnerability called "Ghost" has emerged as a threat to computer systems, cautions PCI Security Standards. The United States Department of Homeland Security has issued a warning to users of Linux systems running GNU C Library versions prior to 2.18. By remotely executing code, hackers can take control of a system to install malware, manipulate files and carry out other illegal activities with stolen credentials, reports Mobile Payments Today.

    The warning was released through the United States Computer Emergency Readiness Team, and PCI Security Standards Council made suggestions for companies to protect their secure payment card data in light of the new threat:

    First, companies should work with IT departments to find systems, servers and pieces of hardware that run a targeted … more

  • Less than one-third of retailers remain compliant between audits

    According to Verizon's 2015 PCI Report, only 28.6 percent of retailers remain compliant with PCI standards in the periods between audits.

    Businesses that use credit card merchant services are held to PCI compliance standards, but many of them only do the legwork in advance of an audit. With the spate of headline-grabbing breaches, it's easy to see why this is bad business practice. According to Verizon's 2015 PCI Report, only 28.6 percent of retailers remain compliant with PCI standards in the periods between audits. This means that some companies are keeping up with standards imposed on credit card security for only a brief window of time, leaving them open to vulnerabilities for the remainder of the year. 

    "We see compliance going down day by day, month by month, after the assessment," said Rodolphe Simonetti, managing director for Verizon's compliance consulting. "Compliance is supposed to be … more

  • January marks the start of PCI version 3.0

    Companies that rely on credit card merchant services must be compliant with a new set of Payment Card Industry Data Security Standards in 2015.

    Companies that rely on credit card merchant services must be compliant with a new set of Payment Card Industry Data Security Standards in 2015. Effective this month, version 3.0 will replace the previous set of standards, in an effort to enhance security and protect personal data for consumers. 

    PCI updates its standards every three years, as advances in technology and new vulnerabilities emerge, to make the industry more airtight to breaches. Experts say that while becoming compliant with new PCI directives might cause headaches in the short term, it will benefit companies and their customers in the long run. 

    "It's also a response to events that have taken place since the last DSS version, like the numerous security breaches and mass credit card data thefts that … more

  • Can merchants do enough to protect customers this holiday season?

    We're a year removed from the Target breach that rocked the retail industry over the 2013 holiday shopping season, and as this year's busiest time approaches, it's important for merchants to ensure they don't allow a repeat of that PR disaster. However, some industry experts suggest they aren't doing enough to mitigate the risk of a breach.

    An article in USA Today suggests merchants are just as vulnerable this year as they were last year, even though a number of measures have been taken to improve overall payment security. The implementation of EMV technology was a major initiative this year, and earlier this fall Bank of America rolled out its security chip program. However, many stores have not implemented the technology needed to process these payments, according to the news source.

    " … more

  • Are you prepared for Small Business Saturday?

    Small Business Saturday is coming.

    Black Friday and Cyber Monday get all of the attention, but they aren't the only two shopping events that take place in the first few days after Thanksgiving. While major retailers like Walmart and eCommerce providers like Amazon do great business on their respective shopping holidays, what about small local businesses? They get their day too. On the day after Black Friday, consumers are encouraged to visit their local businesses in an event called Small Business Saturday.

    This is an opportunity for smaller companies who can't compete with those offering major door-buster deals as early as Thanksgiving morning to take advantage of the busy shopping weekend. It's a chance for those who want to support their local economy to do just that. Erikka Storch, the Wheeling Area Chamber of … more

  • How do consumers feel about shopping at breached retailers this holiday season?

    More than half of surveyed consumers are OK with shopping at breached retailers this holiday season.

    This upcoming holiday shopping season will be the culmination of what was a tumultuous year in the retail security industry. Starting shortly after last Thanksgiving at Target, a number of big-name retailers have been victims of serious security breaches, ranging from Home Depot to Michael's and Staples, which is currently investigating a potential incident that may have occurred earlier this fall. These were all high profile cases, which means the public, who will soon have to decide which stores to shop at for holiday gifts, may want to stay away from those that have been victimized by security breaches.

    A recent study conducted by Creditcards.com sought to evaluate the general sentiment surrounding stores like Target, Home Depot and Staples as we head into the holiday shopping … more