Justifying the Cost of Compliance

Download this free executive briefing on how to justify the cost of PCI compliance in your organisation

PCI DSS compliance can become a headache for organisations, with costs seemingly always escalating. How do companies keep control of their costs, and where can they get additional resources? At the same time, are there other projects that organisations can piggyback on?

With the release of version 1.2 still fresh in the mind, 27 senior security and compliance analysts and managers from 18 enterprise-level organisations, drawn from the finance, retail, travel and utility sectors, came together to discuss their companies' approach to compliance.

Martin Petrov to address PCI DSS Conference
Martin Petrov, Business Development Director, Onformonics Ltd., has been added to the speaker roster for the PCI Conference. He will present "Implementing a successful compliance program".

Onformonics Ltd is a compliance management services company dedicated to helping businesses understand, achieve and maintain compliance with various regulatory and industry standards in the area of information security. With the cost of compliance ever increasing, Onformonics' practical, experienced and innovative approach can help contain that cost by ensuring that compliance is simply part of normal business operations. Onformonics also seeks to help businesses increase the business value of compliance by leveraging compliance standards to reduce risk, increase management visibility and implement best practices.

The Prioritized Approach framework

The PCI Security Standards Council has released a new resource to promote card data security through adoption of the PCI DSS. The Prioritized Approach framework helps merchants identify the highest-risk targets, create a common language around PCI DSS implementation efforts and demonstrate progress on the compliance process to key stakeholders.

The Prioritized Approach framework was created to help merchants who are not yet fully compliant with the PCI DSS understand and reduce risk while on the road to compliance. Comprised of six security milestones outlined below, the tool focuses on best practices for protecting against the highest risk factors and escalating threats facing cardholder data security:

• Milestone One: If you don't need it, don't store it
• Milestone Two: Secure the perimeter
• Milestone Three: Secure applications
• Milestone Four: Monitor and control access to your systems
• Milestone Five: Protect stored cardholder data
• Milestone Six: Finalize remaining compliance efforts, and ensure all controls are in place.

"Securing cardholder data is the ultimate priority and following the PCI DSS is the best way to achieve this. The Prioritized Approach framework will help stakeholders understand where they can act to reduce risk earlier in their journey towards PCI DSS compliance," said Bob Russo, general manager, PCI Security Standards Council. "The launch of these new guidance and interactive documents is another step by the Council to increase understanding of and education around PCI DSS among merchants, providing them with insight into how they can protect cardholder data faster and demonstrate progress and compliance with the PCI DSS."

The Prioritized Approach was compiled after considering actual data compromise events, feedback from Qualified Security Assessors (QSAs) and forensic investigators and input from the PCI SSC Board of Advisors. The framework gives practical suggestions on how to approach compliance with PCI DSS to create the most immediate impact on card data security in a merchant's environment. The Prioritized Approach also creates a common language to improve communication around compliance progress between merchants, QSAs, acquiring banks and card brands.

The Prioritized Approach framework is available on the Council's website and includes a reference document and a simple-to-use, downloadable worksheet that allows merchants to sort specific PCI DSS requirements by Prioritized Approach milestone.

Details about the Prioritized Approach can be found at:
https://www.pcisecuritystandards.org/education/prioritized.shtml

New PIN entry device requirements

20 April 2009: The PCI Security Standards Council, the body responsible for the PCI Data Security Standard (PCI DSS), the PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), today expanded its PIN Entry Device Security Requirements program to cover two new types of devices: unattended payment terminals (UPTs) and hardware security modules (HSMs).

Unattended payment terminals are an increasingly popular form of conducting payment transactions and are used in a variety of scenarios such as museum and concert ticketing, kiosks, automated fuel dispensers and car parking facilities. Hardware security modules are non-user facing devices used in PIN translation, payment card personalization, data protection and e-commerce.

Both UPT and HSM hardware devices can now undergo a rigorous testing and approval process by Council labs to ensure they comply with the industry standards for securing sensitive cardholder account data at all points in the transaction process. The evaluation process includes the logical and physical security of each product. The Council will also provide a list of approved devices on its website, provide documentation and training for labs evaluating these devices and be the single source of information for device vendors and their customers.

"The Council advocates a multi-layered approach to security, based on PCI Standards," said Bob Russo, general manager, PCI Security Standards Council. "The evolution of our PED Security Requirements Program incorporates a comprehensive testing process for UPTs and HSMs so that all components of these devices will now be tested. We are addressing the industry need among vendors and merchants to protect cardholder data in all point-of-sale environments."

For More Information

The new security requirements and evaluation vendor questionnaires can be found on the PCI SSC website here:

https://www.pcisecuritystandards.org/pdfs/PCI_PED_General_FAQs.pdf

https://www.pcisecuritystandards.org/security_standards/ped/index.shtml


PCI Data Security Standard Self-Assessment Questionnaire

The PCI Data Security Standard Self-Assessment Questionnaire (SAQ) is a validation tool intended to assist merchants and service providers in self-evaluating their compliance with the Payment Card Industry Data Security Standard (PCI DSS). There are multiple versions of the PCI DSS SAQ to suit different scenarios. This article by the PCI Security Standards Council explains which questionnaire applies to your circumstances.

Download the Questionnaire now.
