PCI Compliance Credit Card


PCI Compliance Adoption Rates. Visa’s latest report (updated as of June 30, 2010) on the percentage of merchants and service providers currently validated as PCI compliant shows that most companies have now achieved compliance with the PCI Data Security Standard (DSS).

If your organization has been putting off PCI compliance, you are part of a quickly shrinking population and will probably start receiving monthly non-compliance fines, if they haven’t already started.

The PCI DSS is a difficult set of requirements to address, but it’s part of the reality of accepting credit cards in today’s business world. It may not be easy or inexpensive to achieve PCI compliance, but it’s certainly far less costly than the consequences of a data breach when not fully compliant, especially when the statistics show that the majority of other businesses are meeting the standard.

If you’re feeling overwhelmed by the standard and how to begin the remediation process, you may want to consider HALOCK’s PCI Discovery offering, which is designed to help organizations get a strong start on PCI compliance, while providing the education needed to avoid costly mistakes during the process.

Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services

 

PCI DSS Requirements

PCI DSS Requirement 5.4.1: Anti-spoofing controls such as Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) can help stop phishers from spoofing the entity’s domain and impersonating personnel.

Clarification on eCommerce Outsourcing PCI DSS requirements 6.4.3 and 11.6.1

Unpacking the New PCI DSS Password Standards

Is Your Organization Prepared for PCI DSS Automation – Requirement 10.4.1.1?

What is the PCI DSS v4 Authenticated Scanning Mandate – Requirement 11.3.1.2?

What is the PCI DSS v4.0.1 Requirement for PoLP – Requirement 7.2.5?

PCI SSC Updates SAQ A: Removal of Key eCommerce Security and New Eligibility Criteria – Requirements 6.4.3, 11.6.1, 12.3.1

The New PCI DSS v4.0.1 Software Catalog Mandate – Requirement 6.3.2

How PCI DSS 4.0.1 Tackles Service Account Vulnerabilities – Requirements 8.6.1, 7.2.5.1, 8.6.2, 8.6.3, 10.2.1.2

Are You Keeping an Inventory of Cipher Suites and Certificates for the New PCI DSS – Requirements 12.3.3, 4.2.1.1?

How to Analyze An Attestation of Compliance (AOC)

PCI Compliance New Requirements and Targeted Risk Analysis (TRA)

 

RESOURCES & NEWS

Learn more about Penetration Testing and new exploits in HALOCK’s Exploit Insider.

The Dangers of Legacy Protocols

Exploiting API Endpoints

Abusing Default Credentials

Weaponizing Legacy Software

 

PCI Targeted Risk Analysis & DoCRA

https://www.halock.com/pci-compliance-new-requirements-and-targeted-risk-analysis/

 

HIPAA & Penetration Testing & Incident Response Plans

https://www.halock.com/are-you-ready-for-the-enhanced-hipaa-requirements-for-penetration-testing-and-more/

 

Top Threats in Healthcare

https://www.halock.com/top-cyber-threats-in-healthcare/

 

Cloud Security Risk Management

https://www.halock.com/prioritized-findings-and-remediation-in-cloud-security-reporting/

 

Penetration Testing Reports to Manage and Prioritize Risk

https://www.halock.com/a-threat-based-approach-to-penetration-test-reporting/